MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 4



SHA256 hash: 99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
SHA3-384 hash: d7250fad5364577003246cd5a019c8202403aa819947f86fc895179d89a5729fb7750d28b23d556d196f905cec458ec8
SHA1 hash: 91b7f295f6230df5fb99b2870aad0e9bb8ddaf38
MD5 hash: 2ba01244e3e52eec7b41ed5703bc73ca
humanhash: echo-lithium-carpet-princess
File name: kaqVJ8nFTa.dat
Signature: AZORult
File size: 5'430'784 bytes
First seen: 2020-06-29 05:23:16 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: a7a5554658df9122f350e3cefcf18ce7 (1 x AZORult)
ssdeep: 98304:UdHhbERJRxX3BSmgbZv89ruQY6UaTtL9s2C39iZnmZdn:eaJfXRSmgJ8tQ6R5sp3
Threatray: 33 similar samples on MalwareBazaar
TLSH: C14633BB8A406ED7D2B1537B683381418915F9339F0E125AB06F26E582A790CEFF5F50
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Casbaneiro
Status: Malicious
First seen: 2020-06-29 05:25:05 UTC
File Type: PE (Dll)
Extracted files: 10
AV detection: 25 of 48 (52.08%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: evasion trojan

Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Checks whether UAC is enabled
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments