General

Target: Ziraat Bankasi Swift Mesaji.pdf.exe
Size: 413KB
Sample: 230920-vgtbyshe7t
MD5: 9fbef348c8c0558a2f192df83d0c4437
SHA1: 05ec32a1d41c3c3e1ee696347749797bac1c9bab
SHA256: 351db39c3affe720b1666ee7fea828ef85c9801c403f8f1e0e74998450c6d9ad
SHA512: e8cd13d3668310ca19f7334cb6d66eeb9bfa8942a8bb311bdd368a8dc1d9c63ead8815109ccf7a2efbd072920abbc1d2fe19e44041f2e2385e95cef7d6f33e78
SSDEEP: 6144:xB+pgUvsgje7ILkbl3XD/wO5V/GqkerBON1VnWjC1aLgPzVdin04tN3p:xgnN+4kZXD/WgLgLVdyNZ
Static task: static1

Behavioral task: behavioral1
Sample: Ziraat Bankasi Swift Mesaji.pdf.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: Ziraat Bankasi Swift Mesaji.pdf.exe
Resource: win10v2004-20230915-en
Malware Config

Targets

Target: Ziraat Bankasi Swift Mesaji.pdf.exe
- Azorult: An information stealer that was first discovered in 2016, targeting browsing history and passwords.
- Checks QEMU agent file: Checks for the presence of the QEMU agent, possibly to detect virtualization.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext