MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 103d49b3d4a0bdb4227674f8962821a88ac09d6ba6db2b779d07b598efbf5eeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 103d49b3d4a0bdb4227674f8962821a88ac09d6ba6db2b779d07b598efbf5eeb
SHA3-384 hash: 7a9ffc1f75c45bc86c53c874be5e705e952f92ab1e621cb39fbd4f6a9d035dadedbc991f44ec00024fc9ec3f033afd3a
SHA1 hash: f5dbd47d0eef2f8216beee390403117e4c9ed8d7
MD5 hash: 8967303a26ace15f02a40e2f69145af7
humanhash: oxygen-violet-nitrogen-gee
File name:RECEIPT_PDF.rar
Download: download sample
Signature AZORult
Create hunting rule
File size:161'513 bytes
First seen:2021-07-08 08:39:23 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:z3iPkBy1kwbuR73B1DRC8slGYlDBSvWWHmu5UfdlHY2VWVo8HiUgOktUY7:bicofupBZRlsxB1W/5UHcViROn2
TLSH T1CDF312F294A552286879E974ABB4B8AFC640D03CC6C38DF807ADDDE279B4D4851DCDB0
Reporter cocaman
Tags:AZORult DHL rar


Avatar
cocaman
Malicious email (T1566.001)
From: "DHL Express <consignments-notification@dhl.com>" (likely spoofed)
Received: "from vl23433.dns-privadas.es (vl23433.dns-privadas.es [81.21.70.244]) "
Date: "Thu, 08 Jul 2021 00:14:12 -0700"
Subject: "DHL NOTIFICATION FOR INCOMING SHIPMENT"
Attachment: "RECEIPT_PDF.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
185
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/103d49b3d4a0bdb4227674f8962821a88ac09d6ba6db2b779d07b598efbf5eeb/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-07-08 08:40:08 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ca6utm6uuc63iitwot4jmkbbvcfmbhllu3nsw545a62zr357l3vq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210708-mprb5lkn62/
Behaviour
Checks processor information in registry
Download via BitsAdmin
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Loads dropped DLL
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.33
Link:
https://yomi.yoroi.company/submissions/103d49b3d4a0bdb4227674f8962821a88ac09d6ba6db2b779d07b598efbf5eeb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

rar 103d49b3d4a0bdb4227674f8962821a88ac09d6ba6db2b779d07b598efbf5eeb

(this sample)

AZORult

Executable exe a2fa84e5ecfde2e65cb13ae7b13be29c2bdca0b01e746cc6e015c92ed36c087a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a2fa84e5ecfde2e65cb13ae7b13be29c2bdca0b01e746cc6e015c92ed36c087a

Comments