MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 864d5b48aef11a6967c306c18eb326c7a84b5bbb5b168956e8079a0da18c4d5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 7



SHA256 hash: 864d5b48aef11a6967c306c18eb326c7a84b5bbb5b168956e8079a0da18c4d5c
SHA3-384 hash: fccee2907821e2f5d2354d598da0fd2424a8c437b9773836ad75408acdd15afd7647efca99f0dd72263a994c34cf6261
SHA1 hash: 379a9088c0b6d911d2a6279a7c63b2af9189dc1c
MD5 hash: bdb4185f19111dfbfe9529167cd4988c
humanhash: white-salami-monkey-fillet
File name: Customer Statements Over-due forpayment.pdf.exe
Signature: AZORult
File size: 230'912 bytes
First seen: 2020-08-18 19:36:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 47b81d7c9b03e21dd91e018da13a7c2f (1 x AZORult, 1 x Neurevt)
ssdeep: 3072:exwRV08rDXMrM4Wb5LxeWDVjP9s0ppW/o/8UyACzttdGdaXInpYxJah4mR5:exwR5raML4Qjls0pCrAcUdPnpC4R
TLSH: 5034DF2D7BDFC433D40785B568B1C7B06A79B872456642873B844BBD6E306E38B2B742
Reporter: abuse_ch
Tags: AZORult exe


abuse_ch
Malspam distributing unidentified malware:

HELO: host.qualifairs.com
Sending IP: 85.25.130.41
From: accounts4@miosa.co.za
Subject: Customer Statements [Overdue for payment]
Attachment: Customer Statements Over-due for payment.pdf.gz (contains "Customer Statements Over-due for payment.pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 259
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
- Sending an HTTP POST request
- Creating a file in the %temp% subdirectories
- Sending a UDP request
- Creating a file
- Deleting a recently created file
- Reading critical registry keys
- Creating a window
- Stealing user critical data

Threat name: Win32.Trojan.MintTitirez
Status: Malicious
First seen: 2020-08-18 19:37:05 UTC
AV detection: 22 of 27 (81.48%)

Threat level: 5/5
Verdict: unknown

Result
Malware family: azorult
Score: 10/10
Tags: spyware discovery trojan infostealer family:azorult
Behaviour:
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Checks installed software on the system
- JavaScript code in executable
- Loads dropped DLL
- Reads data files stored by FTP clients
- Reads user/profile data of local email clients
- Reads user/profile data of web browsers

Azorult
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AZORult
Executable exe 864d5b48aef11a6967c306c18eb326c7a84b5bbb5b168956e8079a0da18c4d5c (this sample)

Delivery method: Distributed via e-mail attachment

Comments