MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66a405a411a5be5e380864115df0f2bf743afa9b76aaff6c544c9231f227f2ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: AZORult

Vendor detections: 3

SHA256 hash: 66a405a411a5be5e380864115df0f2bf743afa9b76aaff6c544c9231f227f2ce
SHA3-384 hash: 1d8193e937583b0684d94e02e4a5648fe0d434fd91abdc30181353d09343d3bcc09c3496e81e5b5adb77cdb4dbc5ed1c
SHA1 hash: dc676fbd0d15d1cc12705505f1eebd4f87bddaac
MD5 hash: 35a3dc8ebdc6f18f5320af1df5abe3ad
humanhash: earth-orange-hydrogen-gee
File name: Payment Swift Notification_pdf.r18
Signature: AZORult
File size: 359'874 bytes
First seen: 2020-08-19 11:16:18 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:yEuwktdP3p7Kte4TkvrmoPCatGg8lMYfdVdjeZR8wmHw4Nq6JrmnnZEEd:y5Pdh7K/O6o6IyDkZCwmQ4w6OZEEd
TLSH: F5742324295F59E747F820C81B4DB0C49A18C1A16520386737D7B6A7A23ACBCB3E7DD7
Reporter: abuse_ch
Tags: AZORult r18

abuse_ch
Malspam distributing AZORult:

HELO: nctr148.trdns.com
Sending IP: 77.245.144.119
From: Standard Chartered Bank <PaymentsAE@sc.com>
Subject: SUBJECT:Advice from Standard Chartered Bank
Attachment: Payment Swift Notification_pdf.r18 (contains "Payment Swift Notification_pdf.exe")

AZORult C2:

https://h-to-h.mixh.jp/ws/PL341/index.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 296
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Perseus
Status: Malicious
First seen: 2020-08-19 11:18:07 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AZORult
    rar 66a405a411a5be5e380864115df0f2bf743afa9b76aaff6c544c9231f227f2ce (this sample)
      Dropping: AZORult

Delivery method: Distributed via e-mail attachment