MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb96ab93249a86be52aa53a58fb8667b4c54f6b6dbc899fd23ea56b12b52a001. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb96ab93249a86be52aa53a58fb8667b4c54f6b6dbc899fd23ea56b12b52a001
SHA3-384 hash: ad5e71d3a1f0319d4579d69d131a86313475a5bf81fbe08199f350ecd386ed99bc93996f7a9c7fd1e4ed3f1068a14e4d
SHA1 hash: 631d2f6754d08228bb5e02ba2d008db47f29d8ee
MD5 hash: 1b36ba6f20f9796e513f52bfb9e1880b
humanhash: seventeen-ceiling-dakota-winner
File name:Request for quotation.exe
Download: download sample
Signature AZORult
Create hunting rule
File size:542'720 bytes
First seen:2020-06-02 07:24:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 3072:kL5IcQsoyy85oi13gly9OZSxShcAYmBr8nOX+rs0bRvy0Uo1IuCemL/DqyIpg7ZH:yIcM4CyIZw+c/mBr8OOrsMlXpgZqD
Threatray 421 similar samples on MalwareBazaar
TLSH 6BB4D010EFB4B415D21105B34B2682F64BEFAD8B58AF40D62E41EE0A626F1B1D77F1C6
Reporter jarumlus
Tags:AZORult

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 07:35:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
16
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5olkxezetkdl4uvkkosy7odgpngfj5vw3pejt7jd5jllck2suaaq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
4551d06a33be96c8808d2e180d6cf35c50cbf2dc114a51e90aa49bb4597e2936
AZORult
4639769fea49849bb1a85d41d7dc9f4975e0945b3e5b0622503a71b8a97faccf
AZORult
556078f7b9c9cc0472e000c38af7b5285ebc9e9e70282c5fa9e8b9063bcd16ac
AZORult
64f4cb67826d72ac5256bb0dd92604157d9e4a5e7603e6e68f3b262f8db041c1
AZORult
7580b583ccf57526e5a5ca40651ec5a95abe64b77a7c223f037443e480fbe185
AZORult
9d3df770b6dcd5beb650a097a597bb70c49dde306517bbc731812bf18a806719
AZORult
dd19bace27d42e2a34d4ec3a92671ad7c615a2eab04cf66bf4682fd604eaca11
AZORult
f158be721fb34c71dedeb65d051c18da565e0aa8e1e2bf1f86e585e93c22a739
AZORult
f7505d1a7254a1a38c4570f0abb3fe3a462d3c34efca6372841ac37876d2af05
AZORult
ff2a69d6c6bf6bce9060d0570e2aec5f88a964c46736e3860152895cf94449f2
AZORult
+ 411 additional samples on MalwareBazaar
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
family:azorult infostealer persistence trojan
Link:
https://tria.ge/reports/201109-25ac4nggss/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Azorult
Malware Config
C2 Extraction:
http://iscm.edu.ar/gold/32/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

gz 29bd4b45715ab1d6ce2555a17a078318478347e4ed5e08eee3d7f5b7203d47f7

AZORult

Executable exe eb96ab93249a86be52aa53a58fb8667b4c54f6b6dbc899fd23ea56b12b52a001

(this sample)

  
Dropped by
MD5 3f7573ddf0749c62cb973d701f284a08
  
Dropped by
SHA256 29bd4b45715ab1d6ce2555a17a078318478347e4ed5e08eee3d7f5b7203d47f7
  
Delivery method
Distributed via e-mail attachment

Comments