MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0a8759e82a06477519693f900800964f3a1e2c55e4022f959062c9d3a06bd76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e0a8759e82a06477519693f900800964f3a1e2c55e4022f959062c9d3a06bd76
SHA3-384 hash: 7707e02ed0c57589fb9acd1422e4160762bb0dbeabc30b504a3cb045dfab20741a42dee08bc1c31b77a592ad8e742cf6
SHA1 hash: b7f20ff385b8911a2318ee2e92bc7183813466a5
MD5 hash: a00b0870d34d223f9f6364d351328537
humanhash: montana-equal-pizza-bluebird
File name:ours.vbs
Download: download sample
Signature AZORult
Create hunting rule
File size:7'708 bytes
First seen:2020-07-10 10:50:55 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 192:+cuzsupuJtUss1ks9W79WP6misHsRIJFPs9WOWSs9WY9WG7Z4s9WMJJXWi9HDCZy:JCs6cD/i//L/b/i//L/u
TLSH 4DF1022CCA278D908043CF815EF5E585A36E8AF6CAED09B1A624CD3F5704F79B5E0591
Reporter JAMESWT_WT
Tags:AZORult

Intelligence

File Origin
# of uploads :
1
# of downloads :
211
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24357/
Detection(s):
SecuriteInfo.com.VBS.DownLoader.2018.12557.21509.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Using the Windows Management Instrumentation requests
Launching a process
Creating a process with a hidden window
DNS request
Sending an HTTP GET request
Sending an HTTP POST request
Reading critical registry keys
Deleting a recently created file
Launching a service
Creating a file
Possible injection to a system process
Creating a file in the %temp% subdirectories
Creating a file in the %temp% directory
Stealing user critical data
Unauthorized injection to a system process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e0a8759e82a06477519693f900800964f3a1e2c55e4022f959062c9d3a06bd76/
Threat name:
Script-VBS.Trojan.SAgent
Create hunting rule
Status:
Suspicious
First seen:
2020-07-10 02:31:58 UTC
File Type:
Text (VBS)
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4cuhlhucubshoumwsp4qbaajmtz2dywflzacf6kzaywj2oqgxv3a._file
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
trojan infostealer family:azorult spyware discovery
Link:
https://tria.ge/reports/200710-7kgvpj3r76/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious use of SetThreadContext
Drops file in System32 directory
Checks for installed software on the system
Reads data files stored by FTP clients
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Blacklisted process makes network request
Azorult
Process spawned unexpected child process
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/24357/

Comments