MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d50611afdf812fc142bef9710d5a974cc599454a699a0f99476ef7a793b2dc14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d50611afdf812fc142bef9710d5a974cc599454a699a0f99476ef7a793b2dc14
SHA3-384 hash: eb9af1d2cb6c20dcd0ae4524dd5954865c1aef24405b89644054f86eb0bfd847505d0abb85ae3d8b7d9550c4d540f525
SHA1 hash: 221100023a1c1a5e2706eb83b48e5dc323ef5ee5
MD5 hash: c6540e8eebc17209f46d87525471a0ec
humanhash: texas-wisconsin-early-mockingbird
File name:EFT0012021011412560054_148,pdf.001
Download: download sample
Signature AZORult
Create hunting rule
File size:202'499 bytes
First seen:2021-01-14 06:54:36 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:igDm28AJ2apmNTUaCbG2ImZl48pz5Cvp/deV4tqUYdMtzmbwTXr94FCO:iQma2lDIu8pzwvxdFtqOT9O
TLSH BF1423CDEBB601F03BB327DA4D6589F60D52008DE73D66CEADA4A2E80F11B415237696
Reporter abuse_ch
Tags:001 AZORult Citibank


Avatar
abuse_ch
Malspam distributing AZORult:

HELO: box0.citibank.pw
Sending IP: 164.90.153.210
From: Citibank N.A. Indonesia <paylink.asia@citibank.pw>
Subject: Payment Advice-BFTI_EFT0012021011412560054_148_001
Attachment: EFT0012021011412560054_148,pdf.001 (contains "EFT0012021011412560054_148,pdf.com")

AZORult C2:
http://hurriway.xyz/231/index.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d50611afdf812fc142bef9710d5a974cc599454a699a0f99476ef7a793b2dc14/
Threat name:
Win32.Infostealer.BestaFera
Create hunting rule
Status:
Malicious
First seen:
2021-01-14 06:55:09 UTC
AV detection:
11 of 46 (23.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2udbdl67qex4cqv67fyq2wuxjtczsrkkngna7gkhn332pe5s3qka._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d50611afdf812fc142bef9710d5a974cc599454a699a0f99476ef7a793b2dc14

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

rar d50611afdf812fc142bef9710d5a974cc599454a699a0f99476ef7a793b2dc14

(this sample)

AZORult

Executable exe cb34bcf1043d10a15d4a823fe188296e161b88b630f090c8dc644de84b6105ae

  
Dropping
MD5 48ca734044cf115b599af5dc400c5fb1
  
Dropping
AZORult
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cb34bcf1043d10a15d4a823fe188296e161b88b630f090c8dc644de84b6105ae

Comments