MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f9fa8e86c0738cd9e6ab73272015257d596e9f7048d4fa1e1b57d22816b67b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f9fa8e86c0738cd9e6ab73272015257d596e9f7048d4fa1e1b57d22816b67b9
SHA3-384 hash: db77e19440a0a8b57ddb207ca8782d12723f3f8cc0421c9ede320376110297e76b6a4574e7bfa89b66c6d5c77b8cd7d5
SHA1 hash: 35f8c7c1d1794e12c413dccdb6f2d7142202c4ca
MD5 hash: 5eb6e2ccdc44749a5b39d9c7d903f270
humanhash: california-april-edward-enemy
File name:Pi Request.zip
Download: download sample
Signature AZORult
Create hunting rule
File size:336'273 bytes
First seen:2021-08-23 06:43:49 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:LF/pUrKnPdyxHfX3aD+BT8mT3UVw2NcFbEaWWxRH7YnnwEtXdvZF80qwj9kyE:5aOnPdyxHFGuFbEaWEYnnldvZFnqwj9M
TLSH T184642321D360DDDC836BA40FAE00A6C266FD067BF583AB9C694460C7D1A27D9235FC5A
Reporter cocaman
Tags:AZORult INVOICE zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Chakradhar Pokkula <erwinsby@sekawan.com>" (likely spoofed)
Received: "from mail.sekawan.com (mail.sekawan.com [45.251.72.199]) "
Date: "Mon, 23 Aug 2021 04:49:16 +0700"
Subject: "Request For Proforma Invoice"
Attachment: "Pi Request.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'441
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Porcupine.MSIL.GenKryptik.FJJP.101420.UNOFFICIAL
Create hunting rule

Porcupine.MSIL.GenKryptik.FJJP.101419.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/5f9fa8e86c0738cd9e6ab73272015257d596e9f7048d4fa1e1b57d22816b67b9
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5f9fa8e86c0738cd9e6ab73272015257d596e9f7048d4fa1e1b57d22816b67b9/
Threat name:
Win32.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-08-22 21:21:39 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l6p2r2dma44m3htkw4zheaksk7kzn2pxasgu7ipbwv6sfallm64q._file
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
family:azorult infostealer trojan
Link:
https://tria.ge/reports/210823-t1bbl5ep2a/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Azorult
Malware Config
C2 Extraction:
http://208.167.239.179/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5f9fa8e86c0738cd9e6ab73272015257d596e9f7048d4fa1e1b57d22816b67b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip 5f9fa8e86c0738cd9e6ab73272015257d596e9f7048d4fa1e1b57d22816b67b9

(this sample)

AZORult

Executable exe 0768f66b3f6ee8f9f32520837cee96da8d725c789d82ba16771bbad740b737ee

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0768f66b3f6ee8f9f32520837cee96da8d725c789d82ba16771bbad740b737ee

Comments