MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7c668c7e162c5f559902b9f2127c9b59cd7f5b4a932f8c7327b4f24f97e17f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e7c668c7e162c5f559902b9f2127c9b59cd7f5b4a932f8c7327b4f24f97e17f4
SHA3-384 hash: bc811a314033506f07f9e03885e6c0f598d50b091e58d9e988683e50ec3d05dd5c6095d95347fe645377c2afa0e0ac6a
SHA1 hash: 2539bcb75f4d557161fd98af124f5644e3f360cb
MD5 hash: f2d7a2f47138d21f75f5ac9fc508da67
humanhash: eleven-april-pennsylvania-fish
File name: Data Sheet.zip
Signature: AZORult
File size: 203'178 bytes
First seen: 2020-06-30 05:44:16 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:ZK8B9dEReBm3T348iVlMddTaPLuwaRPVg7Y:ZK/RBjoLUTaPyFPOM
TLSH: 671412A4A209C73F91EAFFC131BBA1884BC3BF71745C0EE8D915004EA5E556939E8E47
Reporter: @abuse_ch
Tags: AZORult, zip


Twitter
@abuse_ch
Malspam distributing AZORult:

HELO: 123-235.iphost.gr
Sending IP: 93.174.123.235
From: Marilyn Aguinaldo <websales@actionpumps.co.uk>
Reply-To: Marilyn Aguinaldo <boxerindie27@gmail.com>
Subject: PO # 208 / 2020
Attachment: Data Sheet.zip (contains "Data Sheet.exe")

AZORult C2:
http://165.22.238.171/index.php

Intelligence


Mail intelligence:
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 30
Origin country: US
ClamAV: SecuriteInfo.com.MSIL.GenKryptik.ENGK.190.UNOFFICIAL
CERT.PL MWDB:
Detection: n/a
Link: https://mwdb.cert.pl/sample/e7c668c7e162c5f559902b9f2127c9b59cd7f5b4a932f8c7327b4f24f97e17f4/
ReversingLabs:
Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Agenttesla
First seen: 2020-06-30 05:46:05 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: AZORult
Delivery method: Distributed via e-mail attachment

Comments