MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa699d6811b7b84893adc0734f2d1b044903ffd15d68ccde38002f34057c35fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa699d6811b7b84893adc0734f2d1b044903ffd15d68ccde38002f34057c35fe
SHA3-384 hash: 59912faa857022a42b417c6aa715f41d144322608c59b1a85c53d41887543684d5c0f0cc0b4fee9da312a38bdd627b3f
SHA1 hash: e746b4e2b7dc92796c8bd0fbe4a2c343e62c488c
MD5 hash: a49b7b6dd481825d82efc04712a15183
humanhash: hydrogen-virginia-fifteen-monkey
File name:oja2.exe
Download: download sample
Signature AZORult
Create hunting rule
File size:916'480 bytes
First seen:2020-04-27 13:57:24 UTC
Last seen:2020-04-27 15:14:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:eJS6NEElIhzFIwWdlNiFhYK/9fMYfL0iIfz2IuivebTrz2//LQWqEc+3:eJS6NE882K/9fYitn2rVc+
Threatray 424 similar samples on MalwareBazaar
TLSH F915F613EEE5481FC5BE2AF895704B154EA8AE8B150DB3CD178879983C733878D8E653
Reporter James_inthe_box
Tags:AZORult exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ArtemisA49B7B6DD481.399.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 13:56:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
20a9bc3f666ce6b20c542ada396b7e3a2b222fedd94886c42a239aeb06bddda3
AZORult
4381f3472301d8b680f90832edd05d853bcef530b48f0476ce7ad1f6b150434c
AZORult
5d21ac6bca0ba98cba5930bc0ad3bc702615c3169f8fd73535f920adb8f547b3
AZORult
6db812f8cde69dfe388cc2e7f8c3275c8f1dba462374e6215722de0663af526d
AZORult
6fa68728252ed2ff5085223351da61ac8491d237707846ba016f0bd2f14f47bc
AZORult
980fb51b13fc0116ca06b8e5d8116569942b53eb4ae54c33b62e731f149cb136
AZORult
a6e22fa468017d9340a33ada6f780ba5f28758f9348fdc6bdf1b5756ae2414c2
AZORult
c755cbe34fdad2ee86d4c6226d040ea111489e468df67a70c32cb890d1ed90ac
AZORult
f2dcf747bef15584ddd0242430a2374ef9b3b3b542b25cfd75589ec2d3dc66d6
AZORult
f519262929d4793f6fa538f80ce1a4c378b6bfa16b09cb8ac63475fd1b1bd39b
AZORult
+ 414 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/352167/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments