MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fc6c496a7fd8bc32d388d146f937cb8cd0e359637a17351593a85ea02817db0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 3



SHA256 hash: 3fc6c496a7fd8bc32d388d146f937cb8cd0e359637a17351593a85ea02817db0
SHA3-384 hash: d4d0e216128480034e0be14a354c99822445a4b8f0d6408a62c5ef783668ff580dab686541c280f5a060599106228895
SHA1 hash: 980a16d2ff3717c51c2d271150b29e126a1007a2
MD5 hash: 79a9123c033331a2a97a421db014140a
humanhash: river-purple-steak-fanta
File name: sample copy.zip
Signature: AZORult
File size: 401'226 bytes
First seen: 2020-11-20 07:49:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:g1l6iysKNLKnGYno96EdvIbShe3zgZzt58Ff+A:KKdKnlnoM2vXhesX58tb
TLSH: 2984239FEE6C2D364CD0587E53D029C6803A953FC569017D2B6E0D97A3039BFA8E6187
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: localhost.localdomain
Sending IP: 185.105.238.174
From: Bettina <info@conqueror-ltd.com>
Reply-To: me <gonzajohnn@gmail.com>
Subject: New Order (urgent)
Attachment: sample copy.zip (contains "sample copy.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-19 23:30:08 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip 3fc6c496a7fd8bc32d388d146f937cb8cd0e359637a17351593a85ea02817db0

(this sample)

  
Delivery method: Distributed via e-mail attachment

Comments