Extracted

• • Target

    HalkbankEkstre20220801178701033009.exe

  • Size

    691KB

  • MD5

    8bd13a7858764b487ae00b5394d59c75

  • SHA1

    9fbd31d4f97ca4405a9b7abbb4e22e2554fceeaa

  • SHA256

    51440f5a52c3bea327dff5f79b0e875455719bcdf1d963af7637f26bddc90591

  • SHA512

    a6e8a6188f71a4289a6d1f4c246085c966cd319e14d0f4fa5639c357acf4b48303eeea77d8fa77fa258eebbfc358fd78bf8ab6abe66d4cbd3cd2e57250e8c950

  Score

  10^/10

  azorultcollectiondiscoveryinfostealerspywarestealertrojan

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2