MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d60af7a38f3b01fa2c7926959f9c65b91d9dac09da0e6e0431237ffd58b2e8f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d60af7a38f3b01fa2c7926959f9c65b91d9dac09da0e6e0431237ffd58b2e8f0
SHA3-384 hash: fb1337847533994ba5b13f47b0d0147956f546d96d5216b126a4cdffa89b9b03ac7fe91df55d53dca22b581d8f98fd1e
SHA1 hash: 52cd2fafcebfe21442b6760ab9e9e3ff6fb1b764
MD5 hash: 703a2f42a10301af9a359eb6ae57fd4b
humanhash: sink-echo-nine-illinois
File name:aazz.exe
Download: download sample
Signature AZORult
Create hunting rule
File size:961'536 bytes
First seen:2020-07-15 12:34:19 UTC
Last seen:2020-07-15 15:21:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'599 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 12288:LTxvDJIvvde9nJYxDJIvvde9nJYO/e5vfsUQvi06yM7XW:DIv0nJYDIv0nJYOG5vfsDE37m
Threatray 1'913 similar samples on MalwareBazaar
TLSH C1153B8211492279E168F0FAF207109AEA05EC3EE1D069B66679F7168474E73CDC5FEC
Reporter James_inthe_box
Tags:AZORult exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Azorult
Create hunting rule
Link:
https://www.capesandbox.com/analysis/25993/
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
DNS request
Detection:
azorult
Create hunting rule
Link:
https://mwdb.cert.pl/sample/d60af7a38f3b01fa2c7926959f9c65b91d9dac09da0e6e0431237ffd58b2e8f0/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-15 12:33:50 UTC
File Type:
PE (.Net Exe)
Extracted files:
5
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2yfppi4phma7uldze2kz7hdfxeoz3laj3ihg4bbren772wfs5dya._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
05a1356768e4475daeebaae76e486705d2d920e7e4d511c1436ea3f9a650c1df
AZORult
0eec4264bcd0ca71859ad816d8f7fdc7145135fb0e6e52223fb200dc4bc97a59
AZORult
308c96557c6be5d4519ba4bac38c23e611c7b61683cfc1063a6009e216c24f5e
AZORult
4f197c8bdfa89d2a0d041b47dabf307cba6c3deb639134357e0bfee3bf28645f
AZORult
81337231c53d0927b5aaff1792d71b5f5270e268e1909267ad3bd79951e72642
AZORult
85a40f3f59fb797494adf184b0dbee2b3d8089e9686b9f484c5242c5a75085a9
AZORult
9e17a9c1b1d0db2c9cd8fdf42c475712f8faaa68cb08bbff910a2927b910d88f
AZORult
9ffc0cc7f5b6bfb1e02d404b6d850e2fd72a778a1a2582fc061723f084cc73c2
AZORult
c8dda41b34e9b16da333bfa30653a6f46be67c657158ecfd2c0463903b01e54d
AZORult
f09dc0b3275b4c1e3a616911805011c2871af1407599493dc980b6987cb313eb
AZORult
+ 1'903 additional samples on MalwareBazaar
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
trojan infostealer family:azorult spyware discovery
Link:
https://tria.ge/reports/200715-4xyka5jfkx/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
JavaScript code in executable
Checks installed software on the system
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Loads dropped DLL
Reads data files stored by FTP clients
Azorult
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/25993/
  
URLhaus
https://urlhaus.abuse.ch/url/413130/

Comments