MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f519262929d4793f6fa538f80ce1a4c378b6bfa16b09cb8ac63475fd1b1bd39b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f519262929d4793f6fa538f80ce1a4c378b6bfa16b09cb8ac63475fd1b1bd39b
SHA3-384 hash: 608acc47be5b715d32542bdba6b6614671d1fb8d5c5710c4bd5da490c15a2652d2c35ec963b2c3e7dc177e28192726cc
SHA1 hash: f00457715b1f97e4327d3d79d51bc6d82d9a988c
MD5 hash: d8a0ede0fcd30761f746596b82919aeb
humanhash: hamper-magnesium-whiskey-delta
File name:proforma invoice.exe
Download: download sample
Signature AZORult
Create hunting rule
File size:403'968 bytes
First seen:2020-07-14 19:02:52 UTC
Last seen:2020-07-14 19:58:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'462 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 6144:3MPWv+4Kce7mIspWYz251s1RMUQhjLktXn+pj9wPeAJ9:dcmvp1SOFQ0
Threatray 431 similar samples on MalwareBazaar
TLSH 8184CF19E3E9CA5EE0AE1EBED513612147B5B947F5A4E7DE8A8C2CDD1413B20C40237B
Reporter James_inthe_box
Tags:AZORult exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/25812/
Detection(s):
SecuriteInfo.com.Trojan.Inject3.44628.91.1562.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
DNS request
Sending a custom TCP request
Sending an HTTP POST request
Forced shutdown of a system process
Unauthorized injection to a system process
Detection:
azorult
Create hunting rule
Link:
https://mwdb.cert.pl/sample/f519262929d4793f6fa538f80ce1a4c378b6bfa16b09cb8ac63475fd1b1bd39b/
Threat name:
ByteCode-MSIL.Infostealer.Stimilina
Create hunting rule
Status:
Malicious
First seen:
2020-07-14 13:31:28 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6umsmkjj2r4t635fhd4azyneyn4lnp5bnme4xcwggr272gy32onq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
0030717c09c6bcbe9db0f9837ac85415e0bc3762ec9a8f131f7f6920193582a3
AZORult
20a9bc3f666ce6b20c542ada396b7e3a2b222fedd94886c42a239aeb06bddda3
AZORult
587179a3f44ef689a8e42e7ef3b21d525aa27f762100a9b9cb9469bef632c5e7
AZORult
5d21ac6bca0ba98cba5930bc0ad3bc702615c3169f8fd73535f920adb8f547b3
AZORult
6db812f8cde69dfe388cc2e7f8c3275c8f1dba462374e6215722de0663af526d
AZORult
7fb195bc96bd220998dd778dd9e6fcb70320102bbb8656d4c765800ad8d9bb83
AZORult
8480058fc20ebfef47d1ebccbb54b88f656715b99c2d4e80ad46b05906ff4dbe
AZORult
a6e22fa468017d9340a33ada6f780ba5f28758f9348fdc6bdf1b5756ae2414c2
AZORult
c82a750c5a0dcc2a923f97b3bfbba13fd302144fdcdab020f7c7c94e24892807
AZORult
e09494d2123e6999dccd6ab91cf541f90821785cd6d9a9e5f24dc296c04b857e
AZORult
+ 421 additional samples on MalwareBazaar
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
trojan infostealer family:azorult
Link:
https://tria.ge/reports/200714-zdzdtvvjbe/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Azorult
Malware Config
C2 Extraction:
https://hotelavlokan.com/fungg/32/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/25812/

Comments