MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8db2158192d9a590115bb5685455bdd0386bcbc0b5f87010c652e0bf0cc4f0d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 3



SHA256 hash: 8db2158192d9a590115bb5685455bdd0386bcbc0b5f87010c652e0bf0cc4f0d9
SHA3-384 hash: d8c54651ae095ecf86dc1cf433796f9b312d5b669b32c1fbd4e50fc475d7f9c7eaa5a49a8c72880f50d657aa0d71edce
SHA1 hash: bbb827254b320115a6ff86732054d82011670d4f
MD5 hash: 2ff796764e5535e2ce5cc1ccf8f482f7
humanhash: stream-xray-lake-colorado
File name: INVDOC.zip
Signature: AZORult
File size: 212'954 bytes
First seen: 2020-06-26 11:50:40 UTC
Last seen: 2020-06-26 12:39:28 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:bFp3V+ylTxGFjwlcnWkFNbUh12OdpeC6OMDjwI/xk:5hVjiU7dX4DR/S
TLSH: 1824237D09A83AB3A13C9F5D05E2DC42D0D76749F0F2D6E9DB6B149E2CC0A9C1904EA7
Reporter: abuse_ch
Tags: AZORult, zip


abuse_ch
Malspam distributing AZORult:

HELO: vps100.domain.local
Sending IP: 111.90.149.22
From: sales@nts-agrer.de
Subject: Re: New order
Attachment: INVDOC.zip (contains "INVDOC.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 180
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-26 11:52:05 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip 8db2158192d9a590115bb5685455bdd0386bcbc0b5f87010c652e0bf0cc4f0d9 (this sample)

  
Dropping: AZORult
Delivery method: Distributed via e-mail attachment
