30052024_1402_27052024_FATURA-TR[.]tar[.]lz | Triage

Sharing

General

Target

30052024_1402_27052024_FATURA-TR.tar.lz
Size

877KB
MD5

04d39d799652e5cfc46716fbec9ac58c
SHA1

84ad5fbb48f3e8223eb40b13837fe4f1f906d36b
SHA256

d307086888548ce42d3be3382b268ab742cdee639d26786c32b628cd34535dac
SHA512

7dd67119adf7b22eab6749ddf1ccbb1f032ce8d16dd02f9be94be9991384427904bd4c72cb8ec8ff2fed7b72c2314cec5c226691a5dcd110480ce5e41435cc57
SSDEEP

24576:RR2+iz+2mtHwPcqCQ/RkaQZKwva9Ken6UNERGnX:inz+2mppqCQ+1dHQNER0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/FATURA TR.exe

Files

30052024_1402_27052024_FATURA-TR.tar.lz
.lz

Password: infected
sample.out
.tar

Password: infected
FATURA TR.exe
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ