MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cf09a1fb8df7bcc4b807b11383bac34c4c91f559d03938dc3a9e6975ea7521f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AZORult
Vendor detections: 3

SHA256 hash: 1cf09a1fb8df7bcc4b807b11383bac34c4c91f559d03938dc3a9e6975ea7521f
SHA3-384 hash: 98a721193d700ceb4648672bfeecdf882fc6d0a735c467841acdea444bde15902f4f911af057cff29da0673a729bcdca
SHA1 hash: 64e4c4b436ab918322f7afe67bbde6ab75b2380b
MD5 hash: 8e45daa7032a79380c603bdc90b89d36
humanhash: river-edward-sink-pip
File name: eInvoicing_pdf.xz
Signature: AZORult
File size: 216'591 bytes
First seen: 2020-10-27 10:04:52 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 6144:VWk6wkjrgwKLMtUldKk0pDiIf4PMHG++B:gkZkjrgwKMgdW5lfkMPC
TLSH: 04241250A30A0BFEC24829E6EF4F94BEC7895FDDB05538DBB795AA581DC00281F2E5C1
Reporter: abuse_ch
Tags: AZORult, TNT, xz

abuse_ch
Malspam distributing AZORult:

HELO: larisaevents.gr
Sending IP: 213.239.215.207
From: einvoicing <tntsupport.admin@tnt.com>
Subject: TNT Express Invoice: 09004105 - Account: 000022245
Attachment: eInvoicing_pdf.xz (contains "eInvoicing_pdf.bat")

AZORult C2:
http://45.137.22.58/udu/index.php

Intelligence
File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-10-27 07:18:24 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam: AZORult
xz 1cf09a1fb8df7bcc4b807b11383bac34c4c91f559d03938dc3a9e6975ea7521f (this sample)
Dropping: AZORult

Delivery method: Distributed via e-mail attachment

Comments