General
- Target: Halkbank_Ekstre_20230908_170025_496915.exe
- Size: 600KB
- Sample: 230911-lejkasfb76
- MD5: aab2100f43d0abe6926062607286f796
- SHA1: 0bb668fc1bf65d6b0cd743039ede02631610c67c
- SHA256: 200451c7cd61830d68c86f7c4ec87af94578ffbe2bea94123764a85cc2a426ca
- SHA512: 9526920a86c4651e767358486fdb7adb490f65db166d596593213496f4c73079d8757eee28aabd6cc6a19a7f8c35073ce217fac21ad8097d0b04c5b2e5b75fca
- SSDEEP: 6144:SgORa6xKTuuuqjL7IMLeSDYZ5fT4ZkFty9Zah+dXFWIdfuB861y08N3UzYuY72vU:Sgm/S8n46U/dfc861yjNkUIHK2u
Static task: static1
Behavioral task: behavioral1
- Sample: Halkbank_Ekstre_20230908_170025_496915.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: Halkbank_Ekstre_20230908_170025_496915.exe
- Resource: win10v2004-20230831-en
Malware Config
Targets
- Target: Halkbank_Ekstre_20230908_170025_496915.exe
- Azorult: an information stealer, first discovered in 2016, that targets browsing history and passwords.
- Checks QEMU agent file: checks for the presence of the QEMU agent, possibly to detect virtualization.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext