MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1339d21b4d8257f445a7ef9a2d25864faecdb0097e9367945056cabf441ac17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a1339d21b4d8257f445a7ef9a2d25864faecdb0097e9367945056cabf441ac17
SHA3-384 hash: 8b77f6bea3bbe6caec7daa7473461ebc33c53f49b13ccfca1a2b0b45b69dc5967d83b7ca3d026934390a6f337fb38212
SHA1 hash: a263f388e2d2aa9dd8b75f1e6bbcdf876249428e
MD5 hash: 27ab563027c35fc4256d61a1a2f4900f
humanhash: blue-stream-yankee-michigan
File name:Notification from SARS Non Compliance Notice.PDF.gz
Download: download sample
Signature AZORult
Create hunting rule
File size:234'523 bytes
First seen:2021-01-13 07:42:12 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 3072:GZOCs6UwEllf53koYbVxcCiN9I5AuFE6ZqpEJRpW390kMfkYX2IyU+mZukWCP:GC61wf50oGfooNHo3900YmIImcCP
TLSH 5A342364DF287A8327C4116B818C5DE580C8DF5D271A2CAC23F7C86399D75BD1EAEE24
Reporter abuse_ch
Tags:AZORult geo gz SARS ZAF


Avatar
abuse_ch
Malspam distributing AZORult:

HELO: freyzers.com
Sending IP: 188.138.122.57
From: noreply@sars.gov.za
Subject: DO NOT IGNORE : Notification from SARS [Non Compliance Notice]
Attachment: Notification from SARS Non Compliance Notice.PDF.gz (contains "Notification from SARS Non Compliance Notice.PDF.exe")

AZORult C2:
http://193.239.147.212/azone/index.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
312
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-48
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a1339d21b4d8257f445a7ef9a2d25864faecdb0097e9367945056cabf441ac17/
Threat name:
Win32.Dropper.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-13 07:43:12 UTC
AV detection:
3 of 46 (6.52%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uezz2inu3asx6rc2p342fusymt5ozwyas7utm6kfavwkx5cbvqlq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.44
Link:
https://yomi.yoroi.company/submissions/a1339d21b4d8257f445a7ef9a2d25864faecdb0097e9367945056cabf441ac17

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

gz a1339d21b4d8257f445a7ef9a2d25864faecdb0097e9367945056cabf441ac17

(this sample)

AZORult

Executable exe 84eed2d8d2c4b18c30ee556a96f780eacab4867c8edddad676161d205c6ee404

  
Dropping
MD5 ac3d6756e2babc2499c9c6e8606ba8b3
  
Dropping
AZORult
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 84eed2d8d2c4b18c30ee556a96f780eacab4867c8edddad676161d205c6ee404

Comments