MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6db812f8cde69dfe388cc2e7f8c3275c8f1dba462374e6215722de0663af526d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AZORult

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	6db812f8cde69dfe388cc2e7f8c3275c8f1dba462374e6215722de0663af526d
SHA3-384 hash:	4224f34d1ffa34e7352cc6df12e044817503d137d7946278c967739adc60d0071ea5ea46491b13c1e5a386f31e81b25c
SHA1 hash:	26e364afceba6388ca1c70982a2f6f121145682c
MD5 hash:	349dabf717f5fdaaa50464141ab6e335
humanhash:	lemon-speaker-zebra-hot
File name:	Purchase Order 7-6-20.exe
Download:	download sample
Signature	AZORult Create hunting rule
File size:	223'744 bytes
First seen:	2020-07-06 10:27:47 UTC
Last seen:	2020-07-06 12:14:02 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep	3072:BHX0cGfUSY6ZfA2Ft45OD9+rdVCJ2jnH57KCTxHgL+iTDUpK4vF3y/yOFP9JLFd:B3xiRa+UvBnH57K6xA1ToK4vFAJx
Threatray	442 similar samples on MalwareBazaar
TLSH	2B24CF6BB3AC0D49E2AD533D9A319AB007B9F8059121D7F95BE4D0DB3E537824600F6B
Reporter	jarumlus
Tags:	AZORult

Intelligence

File Origin

# of uploads :

# of downloads :

186

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Azorult

Link:

https://www.capesandbox.com/analysis/21490/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.43446144.537.21332.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Unauthorized injection to a recently created process

DNS request

Sending a custom TCP request

Sending an HTTP POST request

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6db812f8cde69dfe388cc2e7f8c3275c8f1dba462374e6215722de0663af526d/

Threat name:

ByteCode-MSIL.Infostealer.Fareit

Status:

Malicious

First seen:

2020-07-06 02:02:32 UTC

AV detection:

35 of 48 (72.92%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nw4bf6gn42o74oemylt7rqzhlshr3osgen2omikxelpamy5pkjwq._file

Verdict:

malicious

Label(s):

azorult

Result

Malware family:

azorult

Score:

10/10

Tags:

spyware discovery trojan infostealer family:azorult

Link:

https://tria.ge/reports/200706-nvpw6bq3k2/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetThreadContext

Checks for installed software on the system

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Reads user/profile data of local email clients

Azorult

Malware Config

C2 Extraction:

https://www.nirjhara.com/mine/32/index.php

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip eb97873ba0b64fb835b9876ab116f9f5fe25874030e74f3fd99e31cf6dc47db0

AZORult

exe 6db812f8cde69dfe388cc2e7f8c3275c8f1dba462374e6215722de0663af526d

(this sample)

Dropped by

MD5 92a67517fb57e96c854291e2034b5740

Dropped by

SHA256 eb97873ba0b64fb835b9876ab116f9f5fe25874030e74f3fd99e31cf6dc47db0

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/21490/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample