MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0a8deba6eaabfa81bbb2f843845c861851c41ec8b907ab8d5b80d2da15e4d40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 3



SHA256 hash: c0a8deba6eaabfa81bbb2f843845c861851c41ec8b907ab8d5b80d2da15e4d40
SHA3-384 hash: 666db0c8f5828eda3f513cde2a12624ad53248043cfd41e2024b250fddfb226ad34ba6b45ae0a3ec1d117e7ee8a58df3
SHA1 hash: 851534fe0b5454a259bda98315782f4b9400f26c
MD5 hash: ca7de2c69685e5dfdfac62a701a32b52
humanhash: three-three-victor-salami
File name: e-dekont.pdf.img
Signature: AZORult
File size: 1'245'184 bytes
First seen: 2020-10-26 14:15:05 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:3nNAb3haZEd1BLKAq/In0kVJj8tG0KeVB7yYI2Mju:d43mEdndqQn04Jj
TLSH: 0745F72A730BBF70E96D69F10815206304B5FFC5AE66F5697B84789C8FB34DD088DA81
Reporter: abuse_ch
Tags: AZORult geo img TUR ZiraatBank


abuse_ch
Malspam distributing AZORult:

HELO: server.doklsa.us
Sending IP: 185.249.197.82
From: ZIRAAT BANKASI <ziraat039@ileti.ziraatbank.com.tr>
Subject: Dekont
Attachment: e-dekont.pdf.img (contains "Dekont.pdf.exe")

AZORult C2:
http://testwp.warungpencar.com/bp/index.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-26 08:00:16 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AZORult
    img c0a8deba6eaabfa81bbb2f843845c861851c41ec8b907ab8d5b80d2da15e4d40 (this sample)

Dropping: AZORult
Delivery method: Distributed via e-mail attachment

Comments