General

  • Target: Ziraat Bankasi Swift Mesaji.exe

  • Size: 174KB

  • Sample: 230713-3hn3macd7x

  • MD5: df4661b4904247d3dd64530784445f45

  • SHA1: f5a0782103540f96c808f665db32819314df0111

  • SHA256: 249a6e00e51f37da8a605d0a1b1e6a4d74d0a26210a7da06669b2341fd508c1a

  • SHA512: c6e2838a89e03d586e40e5d78e4155ff85616d66efab9a3e6b9ec9cf872cd8556dc03acb778b713853bce5952f84ab7a41d0a21960f4c5bba989bb8670f2a073

  • SSDEEP: 3072:ANzPHk9MpcWbUyvXBPGXH7uxbHrMKHpR41IB98mG06jtdNB9zXqgT:AhRDUyfBPGXIzrMKJy1IUhtTXz6gT

Malware Config

Extracted

Family

azorult

C2

http://blss8.shop/URT341/index.php

Targets

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Deletes itself

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks