MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b45712feea82b6c42076de610a00aa62c1a2d9fae892df9396e6dc9db75bb54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 5



SHA256 hash: 8b45712feea82b6c42076de610a00aa62c1a2d9fae892df9396e6dc9db75bb54
SHA3-384 hash: 4c6cbcbd33c599e8cbdd8d272e237906b597956cbb13cb67caad1b22a4623722ad8948e3edb6d34f55766c7ea36bdda1
SHA1 hash: 0aff8839e1102a97269b6ab11e4072b5648157a8
MD5 hash: 9803ba35815f4581bcd9c91947b8e35c
humanhash: monkey-spring-lemon-potato
File name: Dekont..pdf.img
Signature: AZORult
File size: 1'245'184 bytes
First seen: 2021-01-07 14:07:07 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:JVr0/a1IPbEbT7tLfKrdQojdC+D2Eb3ZQFWL3rygW2SatjBeXaZ:zrQa1IP4bQJQojoJEFQY3rygxSatFeG
TLSH: 8A45D442B78CCA94DA9071BB4BD5A62C5343F0D7F610CAA5631E8AF165B31C1BD8F398
Reporter: abuse_ch
Tags: AZORult geo Halkbank img TUR


abuse_ch
Malspam distributing unidentified malware:

HELO: server.gmdsa.us
Sending IP: 45.141.37.223
From: Halkbank Internet Subesi <internet.subesi@halkbank.com.tr>
Subject: 7.01.2021 TARİHLİ DEKONT
Attachment: Dekont..pdf.img (contains "Dekont.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 335
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-07 14:08:10 UTC
AV detection: 6 of 45 (13.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

img 8b45712feea82b6c42076de610a00aa62c1a2d9fae892df9396e6dc9db75bb54 (this sample)

  
Delivery method: Distributed via e-mail attachment

Comments