MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 587179a3f44ef689a8e42e7ef3b21d525aa27f762100a9b9cb9469bef632c5e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AZORult

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	587179a3f44ef689a8e42e7ef3b21d525aa27f762100a9b9cb9469bef632c5e7
SHA3-384 hash:	a00bc1651d74134bd525682695221199ee93211f8a3209639b649c6138284edae099c9acb5245e989a588e224f9fc00f
SHA1 hash:	49695a9a03f955d4fdc87199e31c751cbbddf0b5
MD5 hash:	f8405b951f3facc69298e8c9e9785f09
humanhash:	early-batman-saturn-jupiter
File name:	PAGES FROM BOQ-47_pdf.exe
Download:	download sample
Signature	AZORult Create hunting rule
File size:	614'400 bytes
First seen:	2020-06-03 12:49:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4c30bc6e69598a9e79d9571eedd41ffa (8 x AgentTesla, 2 x Loki, 2 x FormBook)
ssdeep	12288:Io6a/b0kfLj8dG+6+Onu/SaWSDhrVaFx1UVxcAerXJLZ8:0yNLjiOnRhS3an1UIASJe
Threatray	443 similar samples on MalwareBazaar
TLSH	87D48D22E7A05437C1F3167D9C1B9778782EBD5239287D4A2BE4DC4CAF393813926297
Reporter	abuse_ch
Tags:	AZORult exe

abuse_ch

Malspam distributing AZORult:

HELO: no-reverse-dns-configured.com
Sending IP: 94.102.63.75
From: segar@mblasta.com
Subject: RFQ - FOR SUPPLY AND DELIVERY OF GOODS IN DUHAIL SOUTH AND UMM LEKHBA (ZONE 30&31) - PACKAGE 02
Attachment: PAGES FROM BOQ-47_pdf.zip (contains "PAGES FROM BOQ-47_pdf.exe")

AZORult C2:
http://mblasta.com/china/AZO/index.php

Intelligence

File Origin

# of uploads :

# of downloads :

104

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Adware.Slugin-6803969-0

PUA.Win.Adware.Slugin-6840354-0

Gathering data

Threat name:

Win32.Trojan.Injector

Status:

Malicious

First seen:

2020-06-03 13:20:47 UTC

File Type:

PE (Exe)

Extracted files:

293

AV detection:

18 of 31 (58.06%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=lbyxti7uj33itkhefz7phmq5kjnke73weeaktoolsru355rsyxtq._file

Verdict:

malicious

Label(s):

azorult

Result

Malware family:

azorult

Score:

10/10

Tags:

family:azorult infostealer trojan

Link:

https://tria.ge/reports/201109-tzn8772jzs/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Azorult

Malware Config

C2 Extraction:

http://mblasta.com/china/AZO/index.php

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip 33a1fce53aa468361bfbc5a024050ae6553106a34567b07381489bd7b93f6e78

AZORult

exe 587179a3f44ef689a8e42e7ef3b21d525aa27f762100a9b9cb9469bef632c5e7

(this sample)

Dropped by

MD5 3b676f5c74ebd8233fbb3aaf7314b1fa

Delivery method

Distributed via e-mail attachment

Dropped by

SHA256 33a1fce53aa468361bfbc5a024050ae6553106a34567b07381489bd7b93f6e78

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample