MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d179d84c8ffb0bc51000ced1a8bd4ca444f1e5c4b4e9327ee6596deca2ce40e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d179d84c8ffb0bc51000ced1a8bd4ca444f1e5c4b4e9327ee6596deca2ce40e
SHA3-384 hash: e48f4a5bb504d6c10b4fe0bb5cd041b8ffe381193463f67f779c17e89a34b136e2a85ebc6e5d84422cac3558bdb49deb
SHA1 hash: 67d5871aa26a3aed11aa88187c8b2fbc5897c450
MD5 hash: 00033f49beb6f51894a4896e8ffb3743
humanhash: east-enemy-wisconsin-south
File name:GABzXnOoQxpme8Z.exe
Download: download sample
Signature AZORult
Create hunting rule
File size:193'024 bytes
First seen:2020-04-06 08:41:25 UTC
Last seen:2020-04-06 09:44:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 3072:BVg53Y6DkPEiMilde+XCUDSUWwOiM/fBXhzXk5fMmdpB4+BEC00W:63PiMilA+fDSUW1iKBXx2dpvA0
Threatray 293 similar samples on MalwareBazaar
TLSH 4714E14137E82F66EA7D63FD1460510407FAA1A72821E74CADD621FB19BBF011BA1F27
Reporter abuse_ch
Tags:AZORult COVID-19 exe


Avatar
abuse_ch
COVID-19 themed malspam distributing AZORult:

HELO: frf-ajf.ro
From: Andrie Anastasiou <aanastasiou@cfa.com>
Subject: URGENT STEPS TO AVOID COVID 19 | COVID 19 MEDICAL TEAM
Attachment: Covid19.zip (contains "GABzXnOoQxpme8Z.exe")

AZORult C2:
https://memotech.cf/odo/index.php (84.16.248.160)

Intelligence

File Origin
# of uploads :
2
# of downloads :
104
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.33739.18024.26490.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-05 23:42:26 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bulz3bgi76ylyuiabtwrvc6uzjce6hs4jnhjgj7omwln5srm4qha._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
4639769fea49849bb1a85d41d7dc9f4975e0945b3e5b0622503a71b8a97faccf
AZORult
556078f7b9c9cc0472e000c38af7b5285ebc9e9e70282c5fa9e8b9063bcd16ac
AZORult
655455e4c04c7fd6e624b752797305264093264c08b0ab45ebfceee5f7abbc66
AZORult
90006ca498f8b95df09f017dc722da49302813fd5c483f9aec3a1f444fbad87f
AZORult
e032b8e2c654306af4cd4c7811ae971ab78dd434d0081c70821918bf6acb5385
AZORult
e53cd448b2fad21583ddd160f9b6cdfacbec7a8c9c7ae9712c4c39972daa4c18
AZORult
eb30ea1ed2ee540189bb11ebdf0cbe4a5f84ce64adcea3658af5842b6bf3d14d
AZORult
eb96ab93249a86be52aa53a58fb8667b4c54f6b6dbc899fd23ea56b12b52a001
AZORult
eece64fe2e9e21564eb410e0d750e9cc605f0b4c437c5b90d9d2ae0ed10ceed9
AZORult
f158be721fb34c71dedeb65d051c18da565e0aa8e1e2bf1f86e585e93c22a739
AZORult
+ 283 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip ec5d5eca53b547ad572c004994f1d6ca36728da609823ab8618166e751ee5bb8

AZORult

Executable exe 0d179d84c8ffb0bc51000ced1a8bd4ca444f1e5c4b4e9327ee6596deca2ce40e

(this sample)

  
Dropped by
MD5 ea409251707f3dd950cc8afcf91a2835
  
Dropped by
SHA256 ec5d5eca53b547ad572c004994f1d6ca36728da609823ab8618166e751ee5bb8
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments