MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2dd59713bdfc82e98cb5dd6cff53b44006e5e110d13dc71ec779590b03da2d68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2dd59713bdfc82e98cb5dd6cff53b44006e5e110d13dc71ec779590b03da2d68
SHA3-384 hash: 53d7109ca35e4d6a73643d73bfa3d5ef904431f5f8b463a60bdcb575a76c19fd2f95e6c5ceb7dcbd0aa22c73da8d0814
SHA1 hash: b9eb6ca35143b3323b60a2015ab5f25dcd706aad
MD5 hash: 2fd7671070753cffb4568f92c2e5dea2
humanhash: green-spaghetti-coffee-kentucky
File name:Order Specification.zip
Download: download sample
Signature AZORult
Create hunting rule
File size:724'840 bytes
First seen:2020-05-13 06:49:15 UTC
Last seen:2020-05-29 14:57:21 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:9W/v10okrtvuIJvTgIwIuj7me86y1kVpdBBQDjM6Njj5ZNNsBRawcKXIm:9yWokrtvJJvTZuj6xRkKDjM6Rj5ZNNsX
TLSH 84F4233C699439540901D25BF2A33C5E5CD9802D274CE8EABBF9C58517B179B1E0CFBA
Reporter abuse_ch
Tags:AZORult zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 77-72-3-56.hosted-at.kloud.co.uk
Sending IP: 77.72.3.56
From: Michele Kester <info17@ngyusa.com>
Reply-To: Michele Kester <biz@gurytour.ro>
Subject: Request for prices and lead time
Attachment: Order Specification.zip (contains "Order Specification.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23990.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 07:21:14 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fxkzoe557sbotdfv3vwp6u5uiadolyiq2e64ohwhpfmqwa62fvua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip 2dd59713bdfc82e98cb5dd6cff53b44006e5e110d13dc71ec779590b03da2d68

(this sample)

AZORult

Executable exe f5053d63c375cee3c53f33df04dc76dfaa3560c35bb5f166e8238804e3ba3204

  
Dropping
MD5 1a2d79996f534571873d714d86863814
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f5053d63c375cee3c53f33df04dc76dfaa3560c35bb5f166e8238804e3ba3204

Comments