General
-
Target
Ziraat Bankasi Swift Mesaji.pdf.exe
-
Size
631KB
-
Sample
231127-lbdvmsfe9z
-
MD5
d0a9aa8fd96a2c5ec7d0c42ae0138152
-
SHA1
15859f2d92d63ffc149cd0a0f1964e478a3d3f20
-
SHA256
d3d7a12f3eb28c42c7aa3901b6cade362ee5392f7e1b499e150cea002b3fa77b
-
SHA512
a2c3421cb15de475853f7c50897ff5efbc9b92e57f8f051db6b250bb71f3a28cadda027689d904553c399935ef3b62512cb35937bb34738cdd3ffca687898031
-
SSDEEP
12288:b+8XG5SFEyclCv8epSUdLf/6Ezm4HTPFlNW/ar75ZqTGS/2y3:b+8BFslS8epSSL3/zm4HTPFlNWyrdZqX
Static task
static1
Behavioral task
behavioral1
Sample
Ziraat Bankasi Swift Mesaji.pdf.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
Ziraat Bankasi Swift Mesaji.pdf.exe
Resource
win10v2004-20231023-en
Malware Config
Targets
-
-
Target
Ziraat Bankasi Swift Mesaji.pdf.exe
-
Size
631KB
-
MD5
d0a9aa8fd96a2c5ec7d0c42ae0138152
-
SHA1
15859f2d92d63ffc149cd0a0f1964e478a3d3f20
-
SHA256
d3d7a12f3eb28c42c7aa3901b6cade362ee5392f7e1b499e150cea002b3fa77b
-
SHA512
a2c3421cb15de475853f7c50897ff5efbc9b92e57f8f051db6b250bb71f3a28cadda027689d904553c399935ef3b62512cb35937bb34738cdd3ffca687898031
-
SSDEEP
12288:b+8XG5SFEyclCv8epSUdLf/6Ezm4HTPFlNW/ar75ZqTGS/2y3:b+8BFslS8epSSL3/zm4HTPFlNWyrdZqX
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Deletes itself
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-