Rewterz Threat Alert – AZORult Malware – Active IOCs

Severity

High

Analysis Summary

AZORult is an information stealer first observed in 2016. It harvests credentials, browsing history, cookies, saved passwords, bitcoin wallet data and other identifying information from compromised machines, and it also functions as a malware downloader. It was advertised on Russian underground forums as a tool for extracting sensitive data from infected computers. The primary infection vectors are phishing emails and the Fallout Exploit Kit (EK), combined with social engineering. Because AZORult can act as a loader, an infection may be followed by additional malware being downloaded onto the host.

Impact

  • Information Theft
  • Credential Theft
  • Exposure of Sensitive Data

Indicators of Compromise

MD5

  • 7531ca10621e42d535f45cc4d2ed34b0
  • 80282ad96280b9d042bc8b51beb0ed35
  • 5f751f16ee50617273bba9a68509db86
  • 5973e7a8ff64a46f05178481b1a56387
  • 7fda12c08f81fdce509bcc01dc14803e
  • 9c3509a3e69da8213d8b30fa4e8294d4
  • df91f932202c42df05298698fa280f70
  • 7a4a2d9a9c0e06bae3a665a75ff3031a
  • 554885423c727bb195213a01e21b3a1e
  • cffb2d225666a8d6f680f933ce8502f6

SHA-256

  • b97a3c05965d5d5ff7f9144bfb97205b441ad58ed8e5a8034e2b65875d398840
  • a83d87e69c81b4184d9915e94ffe9d369fefd3a44e21e3f57573e8bd73cd741f
  • 9c8bfcd8ad18ec4b11da661f68b7991c3d4e13c1727e8ec52065c044dd993ae2
  • 9be89e8e477289930ecb21cc8da2b4e65ae31bd3d1704132a366146a67f9b39c
  • 92b7854ba71147830f18aa046214efd0e6cf2ad12424d766ba2f474132b02581
  • 71998d75da35ae3428c97c5866d685cddfd54ee825ad562c8139972821479478
  • 6f40c3693cd20064b2be64cfc30c336efef0ee518a9ac48bf43d6a0e15c1ff9f
  • 3228b45341f90b12f8dc7fb180ed1fb38fa22e02cb16d2f4dd3c9ffcc61524bb
  • 285fc71741eb0666b9f371d296328b64f91e1f7adcd727f5c998ea8f7cea9419
  • 2826c8a6951e891fba6bdaeace20e957247bea11c5fed90bed40b9398b2f181a

SHA-1

  • 12c97a531bb99fc2b2570f8c964bccecebc2de9c
  • 036c13b1d3163268de8df9af13e3a1cbf686c0be
  • aae5bf6b9454b690799dc9c08ceb431ede9d7a34
  • 73978eaf526180759309e0c0ea49d2c64b905e7a
  • 379e611c2fa1a66cfd7dfef8a1e697ac11b4f7c8
  • 37bf9b3fda617a951cdd2e564c9a1a2bf33b8f68
  • 815aef5ae155c3792312b743561d6da18baffb55
  • f0d5e8c812d6eb2f43d3eadec52ecf56ab5ca31c
  • 67dab5809c424b882959e41dc77e88ce4a26fa1c
  • 6f02eea30f4ca334fe50465effa5a76b916e0c2d

Remediation

  • Block all threat indicators at your respective controls.
  • Search for the Indicators of Compromise (IOCs) in your environment utilizing your respective security controls.
  • Emails from unknown senders should always be treated with caution.
  • Never trust or open links and attachments received from unknown sources/senders.
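The second remediation step, searching for the listed IOCs in your environment, can be done without a commercial tool by hashing files on disk and comparing the digests against the advisory's lists. The script below is an added example and is not part of the Rewterz advisory; the only values it takes from the page are the MD5, SHA-1 and SHA-256 hashes above. It computes all three digests in a single pass over each file (so large file trees are read once), reports any file whose digest appears in the IOC set, and skips unreadable files instead of aborting the sweep. The root directory to scan is passed as the first command-line argument and defaults to the current directory.

```python
"""Hash-based IOC sweep for the AZORult indicators listed in this advisory."""
import hashlib
import os
import sys
from typing import Dict, List

# Hashes copied verbatim (lowercased) from the advisory's Indicators of Compromise section.
AZORULT_MD5 = {
    "7531ca10621e42d535f45cc4d2ed34b0", "80282ad96280b9d042bc8b51beb0ed35",
    "5f751f16ee50617273bba9a68509db86", "5973e7a8ff64a46f05178481b1a56387",
    "7fda12c08f81fdce509bcc01dc14803e", "9c3509a3e69da8213d8b30fa4e8294d4",
    "df91f932202c42df05298698fa280f70", "7a4a2d9a9c0e06bae3a665a75ff3031a",
    "554885423c727bb195213a01e21b3a1e", "cffb2d225666a8d6f680f933ce8502f6",
}
AZORULT_SHA1 = {
    "12c97a531bb99fc2b2570f8c964bccecebc2de9c", "036c13b1d3163268de8df9af13e3a1cbf686c0be",
    "aae5bf6b9454b690799dc9c08ceb431ede9d7a34", "73978eaf526180759309e0c0ea49d2c64b905e7a",
    "379e611c2fa1a66cfd7dfef8a1e697ac11b4f7c8", "37bf9b3fda617a951cdd2e564c9a1a2bf33b8f68",
    "815aef5ae155c3792312b743561d6da18baffb55", "f0d5e8c812d6eb2f43d3eadec52ecf56ab5ca31c",
    "67dab5809c424b882959e41dc77e88ce4a26fa1c", "6f02eea30f4ca334fe50465effa5a76b916e0c2d",
}
AZORULT_SHA256 = {
    "b97a3c05965d5d5ff7f9144bfb97205b441ad58ed8e5a8034e2b65875d398840",
    "a83d87e69c81b4184d9915e94ffe9d369fefd3a44e21e3f57573e8bd73cd741f",
    "9c8bfcd8ad18ec4b11da661f68b7991c3d4e13c1727e8ec52065c044dd993ae2",
    "9be89e8e477289930ecb21cc8da2b4e65ae31bd3d1704132a366146a67f9b39c",
    "92b7854ba71147830f18aa046214efd0e6cf2ad12424d766ba2f474132b02581",
    "71998d75da35ae3428c97c5866d685cddfd54ee825ad562c8139972821479478",
    "6f40c3693cd20064b2be64cfc30c336efef0ee518a9ac48bf43d6a0e15c1ff9f",
    "3228b45341f90b12f8dc7fb180ed1fb38fa22e02cb16d2f4dd3c9ffcc61524bb",
    "285fc71741eb0666b9f371d296328b64f91e1f7adcd727f5c998ea8f7cea9419",
    "2826c8a6951e891fba6bdaeace20e957247bea11c5fed90bed40b9398b2f181a",
}

# hashlib algorithm name -> set of known-bad digests for that algorithm.
IOC_BY_ALGO: Dict[str, set] = {"md5": AZORULT_MD5, "sha1": AZORULT_SHA1, "sha256": AZORULT_SHA256}


def is_known_ioc(digest: str) -> bool:
    """Case-insensitive lookup of a single hex digest against every IOC list."""
    d = digest.strip().lower()
    return any(d in known for known in IOC_BY_ALGO.values())


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass, reading it in chunks."""
    hashers = {name: hashlib.new(name) for name in IOC_BY_ALGO}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_digests(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest for this file appears in the IOC set."""
    return [algo for algo, d in digests.items() if d.lower() in IOC_BY_ALGO[algo]]


def scan_tree(root: str) -> List[Dict[str, str]]:
    """Walk a directory tree and return one record per file matching an IOC hash."""
    hits: List[Dict[str, str]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file (permissions, removed mid-scan): skip, do not abort
            matched = match_digests(digests)
            if matched:
                hits.append({"path": path, "algorithms": ",".join(matched), **digests})
    return hits


if __name__ == "__main__":
    root_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_tree(root_dir):
        print(f"MATCH {hit['path']} via {hit['algorithms']} sha256={hit['sha256']}")
```

A match on any one of the three algorithms is reported; matching all three is not required, since an IOC list rarely carries every digest for every sample. Hash matching only detects files identical to the published samples, so treat a clean sweep as absence of these specific artefacts rather than absence of AZORult.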