Severity
High
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 6205247c189a3955614350e2dc81f4c6
- 744361c1728393f619216f874f6d874d
SHA-256
- 28c495032494011c1b70b68ce584a929841ba9ba0d22a83e4084e886f6db2721
- 8185bb58f4a49dc3a96da380986f7d387b8b223605c898f458d6d9b66355b9ee
SHA-1
- ef6e2bf41b35849460ee85e29833488f43c045e4
- f6292e3c5ddcd694d9c4bc274b9ad18b1bced06d
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.
- Never click on links sent by unknown senders.