MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4f39aa4bc0fa5a462a090c08441b78f3591b463608a2a0de268defb709ddd40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AZORult


Vendor detections: 4



SHA256 hash: f4f39aa4bc0fa5a462a090c08441b78f3591b463608a2a0de268defb709ddd40
SHA3-384 hash: 8317f9668577250c86c65abb2852fd8b0e367a4e31191ddb86d5bb6a59e30fcbcdfef6e57e935c5a3f1ebd64f378bcfe
SHA1 hash: 980cb1be67fbd8d5180a3762c79af22da1d55084
MD5 hash: 365fcf90f4a4a3804244393c868eb227
humanhash: minnesota-kansas-sad-three
File name: New Case Activated CCMA Case GAJB00138471-21.pdf.gz
Signature: AZORult
File size: 518'284 bytes
First seen: 2021-02-22 07:31:10 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:q9IVIgDB6/3R40wq185nI468uViMRJ0q/v1HWwPu+m/kR:yOIV/3nE5GVrJHFPjm8R
TLSH: 5DB4239DF4AEB8876015F43F0FCBAE1B20DC831D4D7A65A23C6581A280B533BBB9D551
Reporter: abuse_ch
Tags: gz


abuse_ch
Malspam distributing unidentified malware:

HELO: faxoshe.com
Sending IP: 199.217.117.132
From: casemngt@ccma.org.za
Subject: New Case Activated: CCMA Case GAJB00138471-21 (GAJB) is Scheduled for 'Arbitration' for Fri 26-February-2021 10:00am
Attachment: New Case Activated CCMA Case GAJB00138471-21.pdf.gz (contains "New Case Activated CCMA Case GAJB00138471-21.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 122
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-22 07:31:29 UTC
AV detection: 5 of 47 (10.64%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail attachment
