MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60e4a90b0d8ac89efe92c67bdabc39b364459d7440bd435ad653d667dc57d0ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 4



SHA256 hash: 60e4a90b0d8ac89efe92c67bdabc39b364459d7440bd435ad653d667dc57d0ad
SHA3-384 hash: a8974c1efd96bb53b97639b41d421f985c3ff102f7059c66773e31c420329cd4154f195ffc443b3667e543c9e2f096b4
SHA1 hash: e6b3855cb54436b95ca1747b63274ac65baf6d91
MD5 hash: 152a0a8636184f0bf33d5f855edb9803
humanhash: winter-eleven-connecticut-seven
File name: SecuriteInfo.com.Win32.Injector.ELND.14004
Signature: AZORult
File size: 98'304 bytes
First seen: 2020-04-16 21:35:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8cdb07235d408c74345edf02a6feabeb (1 x AZORult)
ssdeep: 768:SSlaQiksHXxkDilnxryX3Dqp/ve4Iv+LmMWiLZFWKaqs:/lM5HXxTr8Dqp/243LmMHlcKaF
Threatray: 697 similar samples on MalwareBazaar
TLSH: 2DA31721B194FEA6D1294E728EB2C7EC5025BD34DD0A350B34E83F0F39B55807962FA6
Reporter: SecuriteInfoCom
Tags: AZORult

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-16 20:25:07 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef
