Severity
Medium
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 82be3b738b7b375f53a4bef3a37e4585
- 37fb9ee65758519d474bb478d98e726c
- 40c69c72bb95c7370a0e75e299370b77
- 8791a2b797c21d7830ea9ac9a8a5a5bd
- f4c0f47027ea961b2c3276fe4e2f2ede
- a9bfcb72b99376b9e9cb907d4d0ca390
- 180752c30cb36ad2320cdb74e36fb5a6
SHA-256
- 120fcd098c502894515feb3814bd6edc34ceb13648dcfae2a22c4f4e2166ace2
- b1eabb9ee4a7512da2beba587500936233aa63c4c210ca99ceafef24ca7b1976
- aae9e232abe6255663d52d2db42079a395e3e50f712b8a39f269116ed419f8c6
- 20ab52e4380262d3d83ddf0898b715d72d1feca497c566bfb952824cd6c76bc1
- 462f4e639cead04d64436b603d4e0a62816fcaa0b03c6390d6f2c6ff366da6c7
- c641763cf38618078eb1b366c251f26d6ae8f13ab5bbd9e83963df3bd88eaa14
- 342115e2b3702673e9f1baf63f0d801598b525b66388fd6af88a1a4666228482
SHA-1
- 417c1f005b106dbf326614ba4ac9c41c83abb267
- 2c714652b562b522bd763163a0fb59b995d3b00d
- 175087791edda7cacdf409c125fe3f0307d5a1df
- 64fb146114087b4bcc1fa0ca069bd936bfd81d8e
- 3c7259b2d9d56ed1cac3e497ecb6d4e376d29e24
- ba6fd7b093efc1c536d5f65ab601ca6d17c92f0f
- cdbc44d5365f4abaf6d093d6e78185370565f8a2
URL
- https[:]//keygensumo[.]com/sy/warez/
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.