MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2ae8f6f17f52a5a441b4e08441d388d499cfa75058896e7dfba8f58c92a4009. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


az


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2ae8f6f17f52a5a441b4e08441d388d499cfa75058896e7dfba8f58c92a4009
SHA3-384 hash: 592fb17c22593271b7baa42f9338d0e2726eeb0097c8651e3546389ec73678f199794af66da40a1e49eca05087783b06
SHA1 hash: 659b7a0ae0a5ac8385e4d043dd10f005db4955e9
MD5 hash: 25644b2dc9e924835db00174e7a70f2f
humanhash: cup-william-oranges-blue
File name:SecuriteInfo.com.Trojan.Packed2.42841.17722.9035
Download: download sample
Signature az
Create hunting rule
File size:1'214'464 bytes
First seen:2021-02-12 22:54:53 UTC
Last seen:2021-02-12 23:54:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:wBLxy+b7lQLvvfqeo9DlzlPtSTmr/Ei14GBRYIQHY0KF0aQd05JUbMlJD2Mwcghf:2b7avBulXFr/p1tTYI10agh2R2bcyf
Threatray 129 similar samples on MalwareBazaar
TLSH 2C45F17EB380EB54C0580E77CE1294AC42F18D53EE32F2A778D87BEE6976A05461F106
Reporter SecuriteInfoCom
Tags:az

Intelligence

File Origin
# of uploads :
2
# of downloads :
300
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Packed2.42841.17722.9035
Verdict:
Malicious activity
Analysis date:
2021-02-12 22:57:49 UTC
Tags:
trojan rat azorult
Link:
https://app.any.run/tasks/1956af96-85d1-475d-93e6-808f4ba119b7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117014/
Detection(s):
SecuriteInfo.com.Trojan.Packed2.42841.17722.9035.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a window
Unauthorized injection to a recently created process
Creating a file
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Azorult
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/607322
Signature
C2 URLs / IPs found in malware configuration
Found malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Azorult
Yara detected Azorult Info Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2ae8f6f17f52a5a441b4e08441d388d499cfa75058896e7dfba8f58c92a4009/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-11 17:04:03 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6kxi63yx6uvfura3jyeeihjyrvezz6tvawejnz67xkhvrsjkiaeq._file
Verdict:
malicious
Label(s):
azorult
Create hunting rule
Similar samples:
261881b9a0b2810582a67284f52bb08f2da1567353648ca01032b581345d5854
az
362729de5bd2f40f51dfe5d039d9639bedd4dfda5f3c2faf10d35835b8995dcb
az
5cd44014177c68a2e4bf08bdf8ec2e779c13a340cc830ad2c3a7a71676780b0d
az
705d1bef79134efe898b490d096aecb9c0acbdc889fae25e8f2d88db9429001c
az
9471595bf2143972c4037565358a16d5547a95cf76146650de667ce30dd063f4
az
9e4326708091e0200c65e604aa974e6032c0533e2fa1e71d39f8d78ebacd8195
az
acbe0d54176227f28b98caaf141c82cc51e43a7b5797c1d3c76b01123e3f8f48
az
bdbfa9d8186cfa1a4c04fa542f78f4c794c7554e0422001f430bf0db01eab52b
az
df9b8b0093bdcff2dc73e2da55ea3c94cc90febcf05c4bb4edde266b3f376a55
az
edfb07ec10ae322bbba31f0239c009ccd95f7a1f1f07e6bf7fb1499dda801b76
az
+ 119 additional samples on MalwareBazaar
Result
Malware family:
azorult
Create hunting rule
Score:
  10/10
Tags:
family:azorult discovery infostealer spyware trojan
Link:
https://tria.ge/reports/210212-29z7118nzs/
Behaviour
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Deletes itself
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Azorult
Malware Config
C2 Extraction:
http://bengallpg.com/ghsjdfbfhf/index.php
Unpacked files
SH256 hash:
f2ae8f6f17f52a5a441b4e08441d388d499cfa75058896e7dfba8f58c92a4009
MD5 hash:
25644b2dc9e924835db00174e7a70f2f
SHA1 hash:
659b7a0ae0a5ac8385e4d043dd10f005db4955e9
Link:
https://www.unpac.me/results/9931a196-11f0-4c65-9626-ce039bfd7385/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.61
Link:
https://yomi.yoroi.company/submissions/f2ae8f6f17f52a5a441b4e08441d388d499cfa75058896e7dfba8f58c92a4009

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

az

Executable exe f2ae8f6f17f52a5a441b4e08441d388d499cfa75058896e7dfba8f58c92a4009

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/117014/
  
URLhaus
https://urlhaus.abuse.ch/url/1002890/
  
Delivery method
Distributed via web download

Comments