MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec5d5eca53b547ad572c004994f1d6ca36728da609823ab8618166e751ee5bb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec5d5eca53b547ad572c004994f1d6ca36728da609823ab8618166e751ee5bb8
SHA3-384 hash: 71a64843c978d8c4ad02a342ba9708500dd2dbeff24460dfda927886c44d3dcca5701b9a372e7c461c0db2758e7b5785
SHA1 hash: b3418b4e8ac9c6af8c30a4aec84cbb3ee97e29ab
MD5 hash: ea409251707f3dd950cc8afcf91a2835
humanhash: cold-football-iowa-eleven
File name:Covid19.zip
Download: download sample
Signature AZORult
Create hunting rule
File size:169'412 bytes
First seen:2020-04-06 08:41:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:W11h5m03Y6DkPEOiildG+XCUDS2WwOiM/fBXh5Xk5fMmdth4+B9Si:61h5mU3POiil8+fDS2W1iKBXL2dtP9Si
TLSH 74F313A61F8F8F76FB25726851C0586C8E7E93F1118417A948D087B909BF666313E83F
Reporter abuse_ch
Tags:AZORult COVID-19 zip


Avatar
abuse_ch
COVID-19 themed malspam distributing AZORult:

HELO: frf-ajf.ro
From: Andrie Anastasiou <aanastasiou@cfa.com>
Subject: URGENT STEPS TO AVOID COVID 19 | COVID 19 MEDICAL TEAM
Attachment: Covid19.zip (contains "GABzXnOoQxpme8Z.exe")

AZORult C2:
https://memotech.cf/odo/index.php (84.16.248.160)

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.33739.18024.26490.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-06 09:48:36 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
21 of 47 (44.68%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5rov5sstwvd22vzmabezj4owzi3hfdngbgbdvodbqftooupolo4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip ec5d5eca53b547ad572c004994f1d6ca36728da609823ab8618166e751ee5bb8

(this sample)

AZORult

Executable exe 0d179d84c8ffb0bc51000ced1a8bd4ca444f1e5c4b4e9327ee6596deca2ce40e

  
Dropping
MD5 00033f49beb6f51894a4896e8ffb3743
  
Dropping
SHA256 0d179d84c8ffb0bc51000ced1a8bd4ca444f1e5c4b4e9327ee6596deca2ce40e
  
Dropping
AZORult
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0d179d84c8ffb0bc51000ced1a8bd4ca444f1e5c4b4e9327ee6596deca2ce40e

Comments