November 15, 2021
Severity
High
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency wallets, and IDs/passwords. Phishing emails and the Fallout Exploit Kit (EK), paired with social engineering techniques, are the major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 5c1517e5b5419f5d30fe9b6ad4581c9b
SHA-256
- 31d0bc059f661f56de4c0af4ef3bf64806893bb6e8742ba6a43b6594dde7e681
SHA-1
- 2cdc04fe1aabb22f57093fbfd1cd2ea852c42760
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links sent by unknown senders.
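To support the "search for IOCs in your environment" step, the following is an added example (not Rewterz tooling) that hashes files under a directory, matches them against the hash indicators listed in this alert, and refangs indicators written in the alert's `http[:]//host[.]tld` notation so they can be matched against proxy or DNS log lines. The defanging convention and the substring matching on host names are assumptions of this example.

```python
import hashlib
import re
from pathlib import Path

# Hash indicators exactly as listed in this advisory.
IOC_HASHES = {
    "md5": {"5c1517e5b5419f5d30fe9b6ad4581c9b"},
    "sha1": {"2cdc04fe1aabb22f57093fbfd1cd2ea852c42760"},
    "sha256": {"31d0bc059f661f56de4c0af4ef3bf64806893bb6e8742ba6a43b6594dde7e681"},
}

def refang(indicator: str) -> str:
    """Turn the advisory's defanged form (http[:]//host[.]tld) back into a matchable string."""
    return indicator.replace("[:]", ":").replace("[.]", ".")

def hash_file(path) -> dict:
    """Compute MD5, SHA-1 and SHA-256 of a file in one streamed pass (large files stay cheap)."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def match_hashes(digests: dict, iocs: dict = IOC_HASHES) -> set:
    """Return the names of the algorithms whose digest appears in the IOC set."""
    return {name for name, value in digests.items() if value.lower() in iocs.get(name, set())}

def scan_directory(root, iocs: dict = IOC_HASHES) -> list:
    """Walk a directory tree; return (path, matched algorithms) for every file hitting an IOC.
    Unreadable files (permissions, transient locks) are skipped rather than aborting the scan."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = match_hashes(hash_file(path), iocs)
        except OSError:
            continue
        if matched:
            hits.append((str(path), matched))
    return hits

def url_hits(log_lines, defanged_urls) -> list:
    """Return log lines containing any refanged URL indicator, or just its host part (assumption:
    a bare host hit in proxy/DNS logs is worth surfacing even when the path differs)."""
    needles = set()
    for u in defanged_urls:
        full = refang(u)
        needles.add(full)
        needles.add(re.sub(r"^https?://", "", full).split("/")[0])
    return [line for line in log_lines if any(n in line for n in needles)]
```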