MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1c8131edd3c5a30be572c52d2e4c15e07968bebad0ee05c49eee8374b89fe5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1c8131edd3c5a30be572c52d2e4c15e07968bebad0ee05c49eee8374b89fe5a
SHA3-384 hash: 39fd531d763c113db981dbbfb68b84c3123abfba6468b07be75ed0ebd634554c9ac57cf67516ec9f3a92634f3b8ae6e0
SHA1 hash: f5208420964220826be4ce6c715570c6d349f068
MD5 hash: beb661cdd8b710fa0ed2ec001bc3ca58
humanhash: salami-emma-video-california
File name:Quotation.xlsx
Download: download sample
Signature AZORult
Create hunting rule
File size:45'038 bytes
First seen:2020-04-18 07:50:01 UTC
Last seen:Never
File type:Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 768:zqm/aGXCDOKuxMCU+ejCkUgNWuyD9sz9mgc+7sDK7WkKAGHKVxu5A:20L4OLqCU+EFU4FyOxmgcY7WkkqXH
TLSH 2013E1F4865A22B8E26C367A83445049AA24760B274B29D3BF3091ED0D7F2FB37D951C
Reporter cocaman
Tags:AZORult xlsx


Avatar
cocaman
Malicious email
From: "Mihir Shah" <sales@sara-global.ml>
Date: Sat, 18 Apr 2020 10:33:09 +0100
Subject: Afro-plast Quotation

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Malware.XML.Autoload-1.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-04-18 02:34:22 UTC
File Type:
Document
Extracted files:
15
AV detection:
26 of 47 (55.32%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6hebghw5hrndbpsxfrjnfzgblydznc7lvuhoaxcj53udos4j7zna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AZORult

Excel file xlsx f1c8131edd3c5a30be572c52d2e4c15e07968bebad0ee05c49eee8374b89fe5a

(this sample)

GuLoader

Executable exe 7fbd290f28f3ac346e168c3994febcb70f81ddeeb366982226ca76559ad0fdb6

  
Delivery method
Distributed via e-mail attachment
anyrun
any.run
https://app.any.run/tasks/46c70820-a958-43a6-b90f-d79c12ac82e3
  
Dropping
SHA256 7fbd290f28f3ac346e168c3994febcb70f81ddeeb366982226ca76559ad0fdb6
Cape
Cape
https://www.capesandbox.com/analysis/1477/

Comments