MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc9b22b1af973bd12495cfd6e2c6621eb21e347a3f6a32edafb823a91d4e721a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc9b22b1af973bd12495cfd6e2c6621eb21e347a3f6a32edafb823a91d4e721a
SHA3-384 hash: 0be2c012560a918c6d5d93f58dc1d9fbf009d992dc830ff0108eb3197feb04c49c35e6a4f45670c5ea7e9d6b44269b8c
SHA1 hash: dc7d048c579b0a67e1695445e37f19a9e0d7ed84
MD5 hash: 509a5d2b97c07305a9db34125ba0defb
humanhash: apart-virginia-item-oranges
File name:RFQ_Report_17938_pdf.exe
Download: download sample
Signature AZORult
Create hunting rule
File size:758'272 bytes
First seen:2020-06-04 07:07:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e92fa7ccd490db33ccf0235eae4258bb (3 x AgentTesla, 2 x Loki, 1 x HawkEye)
ssdeep 12288:Y6+mn9A32uu5hZqBnxeu5cfM+BIjvTxGKUlOtzz1Lww40n+ij12SC3PaEdP:Y6d97ZMmNgTBJ1oQ9j1eaiP
Threatray 319 similar samples on MalwareBazaar
TLSH 6AF48D22FEA04436C97317399C9B93B49C2ABDE07F24A98637E4DDCC5E346913935293
Reporter abuse_ch
Tags:AZORult exe


Avatar
abuse_ch
Malspam distributing AZORult:

HELO: mail.digitalgroup.hu
Sending IP: 188.36.127.74
From: elias.laszlo@industrialeb.hu
Subject: RFQ 17938 FOR REF-1021614
Attachment: RFQ_Report_17938_pdf.zip (contains "RFQ_Report_17938_pdf.exe")

AZORult C2:
http://mblasta.com/china/AZO/index.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
129
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 23:11:11 UTC
AV detection:
33 of 46 (71.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3snsfmnps455cjevz7lofrtcd2zb4nd2h5vdf3npxar2shkooina._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
06de75b87333ad16ff8f3a9d1729784ef6f5ac11076d0a5effa2c023e683bd98
AZORult
188cd2049f2d511fbe6ede085f60214b76f73125a16165026d4e4d392f1a721a
AZORult
59e39b6123ed1218d7ae3b4406b3e06c1fc84ecb8fafad05e762b9867c77248b
AZORult
8480058fc20ebfef47d1ebccbb54b88f656715b99c2d4e80ad46b05906ff4dbe
AZORult
b5c3ce747503c0c441f81cdff3e14f7d61d58cb52b6325eb9988c366e7c2501e
AZORult
baf6a75e20150f7383f636a2a41241dd6f5a1fcfbfec13944ebd8e02479123ee
AZORult
c755cbe34fdad2ee86d4c6226d040ea111489e468df67a70c32cb890d1ed90ac
AZORult
e9a35c488c49d24c11d3d82d548c984f11f0987ba4ae47ac30409f2dc28508f7
AZORult
e9c42b737c586759102817b5922701598ec9c9256b36cf5fc28782fa09016ca4
AZORult
f2a18a286d8a68eaf280b6e43c166cbb36e0c96866e131cca9dcd9b30b395a84
AZORult
+ 309 additional samples on MalwareBazaar
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
family:azorult infostealer trojan
Link:
https://tria.ge/reports/201109-rdq3ha6yne/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Azorult
Malware Config
C2 Extraction:
http://mblasta.com/china/AZO/index.php
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

zip cc909ef6db38b56e85aecc337e83ee25e3654b3bb70eb6d9d68fa043d58d37dc

AZORult

Executable exe dc9b22b1af973bd12495cfd6e2c6621eb21e347a3f6a32edafb823a91d4e721a

(this sample)

  
Dropped by
MD5 8c39613ae9d4254d49b9d429e89072fa
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 cc909ef6db38b56e85aecc337e83ee25e3654b3bb70eb6d9d68fa043d58d37dc

Comments