MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6707f8585bc86cee81fa957414be0bcfc707b1786d372b057de4cc0f30d2af08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 11



SHA256 hash: 6707f8585bc86cee81fa957414be0bcfc707b1786d372b057de4cc0f30d2af08
SHA3-384 hash: eb76092cfc8cf84885283669d402400f26bfcaa4a023db03e2e5ac4a8cc48073b3056460bed83c53bdaffbcc64cd2181
SHA1 hash: 2dded58f57f22fdfd389fd8b4df1b95267f7a096
MD5 hash: 8ba8a8618deb4d33788a752797912dc2
humanhash: speaker-white-louisiana-carbon
File name: HalkbankEkstre310521657876007850.exe
Signature: AZORult
File size: 164'736 bytes
First seen: 2021-05-31 12:01:06 UTC
Last seen: 2021-05-31 13:18:35 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep: 3072:8Lk395hYXJvMDAHDJh1OX/wLuZKPolAUswWCEfO3gtYWX1Knxnp:8Qq+D2DL1OvwLizAUswWlO3Fac9p
Threatray: 1'416 similar samples on MalwareBazaar
TLSH: 15F3015B77D0C4EFC91392B105A7A7A4DABAD3802335165B3F944FBA39222938D27583
Reporter: abuse_ch
Tags: AZORult exe


abuse_ch
AZORult C2:
http://ppdb.smkn1cilegon.sch.id/huPl/index.php

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: http://ppdb.smkn1cilegon.sch.id/huPl/index.php
ThreatFox Reference: https://threatfox.abuse.ch/ioc/67864/

Intelligence


File Origin
# of uploads: 2
# of downloads: 305
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: HalkbankEkstre310521657876007850.exe
Verdict: Malicious activity
Analysis date: 2021-05-31 12:03:13 UTC
Tags: installer trojan rat azorult stealer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Sending a UDP request
Creating a window
Forced shutdown of a system process
Unauthorized injection to a system process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Azorult
Detection: malicious
Classification: spyw
Score: 68 / 100
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Yara detected Azorult
Yara detected Azorult Info Stealer
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-05-31 12:01:22 UTC
AV detection: 11 of 28 (39.29%)
Threat level: 5/5
Result
Malware family: azorult
Score: 10/10
Tags: family:azorult infostealer spyware stealer trojan
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Loads dropped DLL
Reads local data of messenger clients
Azorult
Malware Config
C2 Extraction: http://ppdb.smkn1cilegon.sch.id/huPl/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments