MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f61e953b18744be06991184c5d58a618ebcdb53c4a64ed0236e9e9300eb2aacf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AZORult


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f61e953b18744be06991184c5d58a618ebcdb53c4a64ed0236e9e9300eb2aacf
SHA3-384 hash: 703ec5bd2e9fbfab053ff2f7be148633869d618578830e3a1b79db9ccc0f8103bfbbf8964dbe9e251dfc6d42ed9e508b
SHA1 hash: f226f133abc9cf138eef791bd046524d187d8e5b
MD5 hash: 6fffe8bb1d9464d007d32d886bce0817
humanhash: maine-blossom-jupiter-three
File name:agent3.ps1
Download: download sample
Signature AZORult
Create hunting rule
File size:7'318 bytes
First seen:2024-01-21 17:30:20 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 192:6vOuLf6+qUClbRZqwiJY5AH+W4BJeGZjf6H1XTMTqTn:6vQ+yo+yh
TLSH T1F0E179E5BE1C45E419BB225CDF928882AD4DA57415F88501F6BE8C0BF79FE2480F1B0D
Reporter rmceoin
Tags:ps1

Intelligence

File Origin
# of uploads :
1
# of downloads :
195
Origin country :
US US
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Script.SNH-gen.14515.12648.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
powershell
Link:
https://www.filescan.io/uploads/65ad54d6dca4dca481df190f/reports/4cbd509a-74e5-4ecb-8307-061ba3379184/overview
Verdict:
Malicious
Labled as:
BZC.PZQ.Boxter.826
Link:
https://www.hybrid-analysis.com/sample/f61e953b18744be06991184c5d58a618ebcdb53c4a64ed0236e9e9300eb2aacf
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1378324
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found suspicious powershell code related to unpacking or dynamic code loading
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
36%
Verdict:
Susipicious
File Type:
ASCII
Link:
https://malprob.io/report/f61e953b18744be06991184c5d58a618ebcdb53c4a64ed0236e9e9300eb2aacf
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f61e953b18744be06991184c5d58a618ebcdb53c4a64ed0236e9e9300eb2aacf/
Threat name:
Win32.Trojan.Boxter
Create hunting rule
Status:
Malicious
First seen:
2024-01-20 21:11:17 UTC
File Type:
Text (PowerShell)
AV detection:
8 of 38 (21.05%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ypjkoyyorf6a2mrdbgf2wfgddv43nj4jjso2arw5hutadvsvlhq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/240121-v3pkwsfff9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Blocklisted process makes network request
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

AZORult

zip dd4612be6e9a57ea8b9ac95cfc1db5bf7b4b05b3ac837c582cddbd7f1e7aed93

AZORult

Shortcut (lnk) lnk 9b1a84b656f463c30a9e69bdd88c8e268354b3b3eccdd72725779517c016e464

AZORult

Java Script (JS) js 2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8

AZORult

PowerShell (PS) ps1 f61e953b18744be06991184c5d58a618ebcdb53c4a64ed0236e9e9300eb2aacf

(this sample)

AZORult

Executable exe e3a406607f9de0b40935b0838b40f60dee58f63e69490f7dd9320d0e3293153c

  
Dropped by
SHA256 2fc9c32a7a88ad193cf3d24d25a93ddec1f20141a2d50fd68f5c77115abff5e8
  
Delivery method
Distributed via e-mail link
  
Dropping
SHA256 e3a406607f9de0b40935b0838b40f60dee58f63e69490f7dd9320d0e3293153c
  
Dropping
MD5 aa8c860b523bd4cbcf9fa48074c73489
  
Dropped by
MD5 d6637eef607e0f1ba48dd9bad3b70f03

Comments