MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8
SHA3-384 hash: d6c92df934eaa94efebfa8e72ad03fad31996cff188ac740a686366b2d09e900dd8acbade5de6a95cb9b8844005b4777
SHA1 hash: 4891e0addcc5ae02992699bb4370451dabf6ffc0
MD5 hash: d6637eef607e0f1ba48dd9bad3b70f03
humanhash: floor-enemy-texas-fourteen
File name:hx9RP3BV.js
Download: download sample
Signature AZORult
Create hunting rule
File size:1'044 bytes
First seen:2024-01-21 17:28:27 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 24:iJFacEC+Czzf5j1IsiRI4QAxBwlVICb1P/vMiKDKj:E7EP8Vj6x+jlXvMvOj
TLSH T1AE1135521838DE4D43453B88942AAD6E86B013236B85F2F6746CC5CDF770110C9E6537
Reporter rmceoin
Tags:js

Intelligence

File Origin
# of uploads :
1
# of downloads :
312
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Other.Malware-gen.3404.14917.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
86%
Tags:
anti-vm evasive obfuscated powershell
Link:
https://www.filescan.io/uploads/65ad545edca4dca481df18e1/reports/f43f6b7c-f60d-4171-9d26-a92cc678bea5/overview
Verdict:
Malicious
Labled as:
Trojan.Cryxos.JS
Link:
https://www.hybrid-analysis.com/sample/2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1378321
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Behaviour
Behavior Graph:
Download SVG
Score:
66%
Verdict:
Susipicious
File Type:
ASCII
Link:
https://malprob.io/report/2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8/
Threat name:
Script-JS.Trojan.Cryxos
Create hunting rule
Status:
Malicious
First seen:
2024-01-21 17:29:04 UTC
File Type:
Text (JavaScript)
AV detection:
11 of 38 (28.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f7e4gkt2rcwrspht2jgslkj533a7eakbulkq7vuplr3rcwv76xua._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/240121-v2jy1sfahn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

AZORult

zip dd4612be6e9a57ea8b9ac95cfc1db5bf7b4b05b3ac837c582cddbd7f1e7aed93

AZORult

Shortcut (lnk) lnk 9b1a84b656f463c30a9e69bdd88c8e268354b3b3eccdd72725779517c016e464

AZORult

Java Script (JS) js 2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8

(this sample)

PowerShell (PS) ps1 ace2a7812874a84b32590f440f9c4d9d99567e12cb86f0ba598e5e65aa4948c0

  
Dropped by
SHA256 9b1a84b656f463c30a9e69bdd88c8e268354b3b3eccdd72725779517c016e464
  
Delivery method
Distributed via e-mail link
  
Dropping
SHA256 ace2a7812874a84b32590f440f9c4d9d99567e12cb86f0ba598e5e65aa4948c0
  
Dropping
MD5 f05df7c16d8c236fab6ee2b2a1997ce5
  
Dropping
SHA256 f61e953b18744be06991184c5d58a618ebcdb53c4a64ed0236e9e9300eb2aacf
  
Dropping
MD5 6fffe8bb1d9464d007d32d886bce0817
  
Dropped by
MD5 e9da9cc727dcaa5cdeeebeba24fba794

Comments