MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9aee92df3530cb75fb37ffe332199dc0a61718a010d34fc48dbbe16fdd1b3154. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AZORult

Vendor detections: 12


SHA256 hash: 9aee92df3530cb75fb37ffe332199dc0a61718a010d34fc48dbbe16fdd1b3154
SHA3-384 hash: 50d3d3adcd78c222de286765578fc17e8e12aa8d98aa47bf202df6e51bd86f21e9719dbc97938c9de94c012e2a7fb0f8
SHA1 hash: 1700afbdafcf20ee9deeee4165f6758403e7f43a
MD5 hash: 390ac19e8d4b6eba1a936a5052b6babf
humanhash: mango-oranges-failed-bulldog
File name: GRS66701.exe
Signature: AZORult
File size: 154'863 bytes
First seen: 2021-04-07 13:22:25 UTC
Last seen: 2021-04-07 13:52:51 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 18bc6fa81e19f21156316b1ae696ed6b (51 x Formbook, 24 x Loki, 9 x SnakeKeylogger)
ssdeep: 3072:NeYBCwqDxkJ0zzk3nW32gIEsc28HAmXmC6eLBJqoYovx14eN0ORow96H3r:NDIFYw2dEsN8HAUNPYMx145tw96H3r
Threatray: 618 similar samples on MalwareBazaar
TLSH: 51E3121966E044E7D89209340777B63AE37B8200242D2ACBCB1D9F3E2E769D3457C2E7
Reporter: James_inthe_box
Tags: AZORult exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 268
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: GRS66701.exe
Verdict: Malicious activity
Analysis date: 2021-04-07 13:24:20 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Behaviour
Creating a file in the %temp% directory
Creating a file
Unauthorized injection to a recently created process
DNS request
Sending a UDP request
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Azorult
Detection: malicious
Classification: spyw.evad
Score: 100 / 100
Signature
Contains functionality to prevent local Windows debugging
Detected unpacking (changes PE section rights)
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Azorult
Yara detected Azorult Info Stealer
Threat name: Win32.Trojan.Spynoon
Status: Malicious
First seen: 2021-04-07 01:34:42 UTC
File Type: PE (Exe)
Extracted files: 4
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: azorult
Score: 10/10
Tags: family:azorult infostealer trojan
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Azorult
Malware Config
C2 Extraction: http://staging.onyxa.pl/XyuTr/index.php
Unpacked files
SHA256 hash: 9aee92df3530cb75fb37ffe332199dc0a61718a010d34fc48dbbe16fdd1b3154
MD5 hash: 390ac19e8d4b6eba1a936a5052b6babf
SHA1 hash: 1700afbdafcf20ee9deeee4165f6758403e7f43a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
