MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b297410a0f739e14f1b7821da518304de8467d9dfda17dd9d45dde4ed8744e9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b297410a0f739e14f1b7821da518304de8467d9dfda17dd9d45dde4ed8744e9b
SHA3-384 hash: 019378f8f6f8fd02169766259d3f696fc3d8dc70b6a61ed4e3115ee3531a96c72f9de20618a020d472f97db58a849595
SHA1 hash: a04008cfcb1cb010d114ca7fb84a90b6e8767140
MD5 hash: d61dd8168fc7c98d24e25cca8650f88c
humanhash: neptune-bluebird-queen-hydrogen
File name:SecuriteInfo.com.Trojan.PWS.Siggen2.45611.29888.2496
Download: download sample
Signature AZORult
Create hunting rule
File size:337'920 bytes
First seen:2020-03-25 13:04:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'650 x AgentTesla, 19'462 x Formbook, 12'203 x SnakeKeylogger)
ssdeep 6144:ZzYjU8qaa8aQDddXGM7iHplxOWZTIiCLcjCR6ADhsZC1+xZdxHsDCfFcbnymxzX:ZUbdd27xjpKF6ADKC1+xfRsDCfFcbnyQ
Threatray 613 similar samples on MalwareBazaar
TLSH 4474CF093690FA1FC12F8FF7A4900D608770A56B9307E6736DCB14E9588E79A7B113D6
Reporter SecuriteInfoCom
Tags:AZORult

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.45611.29888.2496.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-03-25 11:21:24 UTC
File Type:
PE (.Net Exe)
Extracted files:
7
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wkluccqpoopbj4nxqio2kgbqjxuem7m57wqx3woulxpe5wduj2nq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
234563f2949217b4a1ec8e9d80c9f353ac82ae7baee24ce29c5eab37b6dddf29
AZORult
24a74c858b9e16322e848c84a2e9e915f493da9580b5f4653eb236c836484738
AZORult
265e98c6d780a7bbdde192e6460e248a3271ed22d0383a043df17354ec88ba9b
AZORult
80cc2999c2dd412c72032c3923aac5a80aabe9e86a8f4579fa7c807f45f669f0
AZORult
886cec0fe0e68cd029b2f082e65009e46205d4f4fefa5d70923031ab5982fbc1
AZORult
a4315c283bbfdb4d8272f5f490346ccd13071e732a8a6f710d900f556de752de
AZORult
bb8510a80af2965bdca1fdb2218ebfaa2a72402c0b767c3fde6b7807baa647b5
AZORult
c71e4e7b9c68fc0fc7138d9bdef27e42c22754176ff903a06104addc28535996
AZORult
eb74a075bdf0deff49aeb0b816e39dd6237d846eee6ff74a2518ff5526fbc781
AZORult
f2dcf747bef15584ddd0242430a2374ef9b3b3b542b25cfd75589ec2d3dc66d6
AZORult
+ 603 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AZORult

Executable exe b297410a0f739e14f1b7821da518304de8467d9dfda17dd9d45dde4ed8744e9b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/329708/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments