MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54faeff9c6d813dfdef27085bff55068d66a58018f52a786f172c5e28fb0c1ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 54faeff9c6d813dfdef27085bff55068d66a58018f52a786f172c5e28fb0c1ef
SHA3-384 hash: 92da54115f82fdeb5fd699e967a5e0a1c798c31adf0042f4cf962b093e258e457a07fac4a08e453445ec6da6814275a8
SHA1 hash: 60f7dd4266f12864aa1a2d01b85b319dedc357ca
MD5 hash: a1a20ac50e73e933409b88aa5b8cb6c1
humanhash: jig-papa-bluebird-quebec
File name:Company and Invoice details.pdf.gz
Download: download sample
Signature AZORult
Create hunting rule
File size:266'668 bytes
First seen:2020-08-17 09:25:08 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:R9No9PgP3+zQZS//c2GBqyy/Ke0xng9dcM8Y8:R9KGPOP/U3/QY+dcfY8
TLSH 244423629A2433B80D3D86155B726E4ED300B279D83AFF983134D9213A5B0277BEC66D
Reporter abuse_ch
Tags:AZORult gz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: host.qualifairs.com
Sending IP: 85.25.130.41
From: quote@kingcivil.co.za
Subject: Request for quotation KC00128828 (PLEASE QUOTE URGENTLY)
Attachment: Company and Invoice details.pdf.gz (contains "Company and Invoice details.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
220
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.69508.11164.10372.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/54faeff9c6d813dfdef27085bff55068d66a58018f52a786f172c5e28fb0c1ef/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 09:27:05 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kt5o76og3aj57xxsocc375kqndlguwabr5jkpbxrolc6fd5qyhxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.61
Link:
https://yomi.yoroi.company/submissions/54faeff9c6d813dfdef27085bff55068d66a58018f52a786f172c5e28fb0c1ef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

gz 54faeff9c6d813dfdef27085bff55068d66a58018f52a786f172c5e28fb0c1ef

(this sample)

AZORult

Executable exe 556078f7b9c9cc0472e000c38af7b5285ebc9e9e70282c5fa9e8b9063bcd16ac

  
Dropping
MD5 19802cc0677cd3227d39adfcc7e625fb
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 556078f7b9c9cc0472e000c38af7b5285ebc9e9e70282c5fa9e8b9063bcd16ac

Comments