MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9739e405c8408179997ac6d497f557afad062cd201d0155aeca09386b35efa60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9739e405c8408179997ac6d497f557afad062cd201d0155aeca09386b35efa60
SHA3-384 hash: 239d332de7d33295281047e1ac0e4520546a7ea0cb064760c2cffb04be35738f010ff7f623951d3d9972b35fe28c0b51
SHA1 hash: b495386dfcf14d82c094d025d30cb226f136be69
MD5 hash: cd38089bb928f2556553d217b0aa93fc
humanhash: enemy-johnny-snake-cup
File name:9739e405c8408179997ac6d497f557afad062cd201d0155aeca09386b35efa60
Download: download sample
Signature AZORult
Create hunting rule
File size:1'584'640 bytes
First seen:2020-11-05 23:57:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'647 x AgentTesla, 19'449 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 12288:Xs07uzAcQ2RO0qPnVHMS3Ypo4X5bTc8Czwn4lZnFLNbXQQgYLNuLv/5:
TLSH D375473D6E9926E36173E676A0F60187F9E865C673781C8B41C33B5C294AE023D9B34D
Reporter seifreed
Tags:AZORult

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Creating a file
DNS request
Creating a file in the %temp% subdirectories
Deleting a recently created file
Reading critical registry keys
Creating a window
Stealing user critical data
Sending an HTTP POST request to an infection source
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9739e405c8408179997ac6d497f557afad062cd201d0155aeca09386b35efa60/
Threat name:
Win32.Infostealer.Azorult
Create hunting rule
Status:
Malicious
First seen:
2020-10-31 16:20:21 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s446iboiicaxtgl2y3kjp5kxv6wqmlgsahibkwxmucjynm267jqa._file
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
family:azorult discovery infostealer spyware trojan
Link:
https://tria.ge/reports/201106-hshzjbtrvx/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Azorult
Malware family:
zgRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/9739e405c840/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/770564/

Comments