MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 920f5880797ad30726cd5c3707fbba03f2e3e54de39a306a8903ce08b5301bdc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AZORult

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	920f5880797ad30726cd5c3707fbba03f2e3e54de39a306a8903ce08b5301bdc
SHA3-384 hash:	20b7d5c80a2aa057179115c07520b7ef874c58a2d0ffe45bf84af8abf8a2b8ae40318822aae8d1b22ccf4312aaa0da8f
SHA1 hash:	c63fa0f494f451bc000d665093fe4f40f9e477cd
MD5 hash:	6e11af9a2132859a07b369d52ce5ca69
humanhash:	montana-sierra-nevada-autumn
File name:	New Order POA12990120 From Akweni Group.gz
Download:	download sample
Signature	AZORult Create hunting rule
File size:	441'537 bytes
First seen:	2020-10-19 09:54:35 UTC
Last seen:	Never
File type:	gz
MIME type:	application/gzip
ssdeep	6144:h92M2waqRq8knVmYNzP6AoeySrvs92W0L8jjK2wbk+cZBbBWvtyB3oD5T8k0YG:h9jF6mc2l5Srq2W3S2NDbsgB3e5T8SG
TLSH	57942344AA6542D83DF27156B36B586E307C50F4A0205A3A4787E3A7CAF1F1AB4FDC27
Reporter	abuse_ch
Tags:	AZORult gz

abuse_ch

Malspam distributing AZORult:

HELO: host.noanfair.com
Sending IP: 69.64.34.145
From: akwenigroup@mweb.co.za
Subject: New Order PO/A129901/20 From Akweni Group
Attachment: New Order POA12990120 From Akweni Group.gz (contains "New Order POA12990120 From Akweni Group.exe")

AZORult C2:
http://185.239.242.174/owa/index.php