

Rewterz Threat Advisory – CVE-2023-25695 – Apache Airflow Vulnerability
March 27, 2023
Rewterz Threat Advisory – ICS: Rockwell Automation ThinManager ThinServer Vulnerability
March 27, 2023
Severity
Medium
Analysis Summary
AZORult is an information stealer first discovered in 2016. It steals IDs, browsing history, cookies, passwords, bitcoin and other sensitive data from infected machines, and it was advertised on Russian underground forums as a way to extract such data from compromised computers. It also serves as a malware downloader (loader), allowing further malware to be fetched and run. Its primary infection vectors are phishing emails and the Fallout Exploit Kit (EK), both used in combination with social engineering tactics.
AZORult is also known for downloading and installing additional malware on the infected machine, such as ransomware or cryptocurrency miners. Note that AZORult is constantly evolving, and new variants are released regularly.
To protect against AZORult and other malware, practise good cybersecurity habits: keep the operating system and software up to date, use a reputable antivirus product, and be cautious when opening email attachments or clicking on links.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IoCs) in your environment using your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
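One way to carry out the IoC search the remediation steps call for, as an added example that is not Rewterz's code: it parses a hash list in the layout this advisory uses (an MD5, SHA-1 or SHA-256 heading followed by "- <hash>" items), drops malformed entries, hashes every file under a directory in a single pass, and reports matches. The file names, file contents and hash list in the demo are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Advisory headings -> hashlib name and expected hex digest length.
ALGORITHMS = {"MD5": ("md5", 32), "SHA-1": ("sha1", 40), "SHA-256": ("sha256", 64)}

def parse_ioc_list(text):
    # Sections are an algorithm heading followed by "- <hash>" items; malformed entries are dropped.
    iocs = {algo: set() for algo, _ in ALGORITHMS.values()}
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line in ALGORITHMS:
            current = ALGORITHMS[line]
        elif current and line.startswith("-"):
            value = line.lstrip("- ").lower()
            if len(value) == current[1] and all(c in "0123456789abcdef" for c in value):
                iocs[current[0]].add(value)
    return iocs

def hash_file(path):
    # One pass over the file feeds all three digests.
    hashers = {algo: hashlib.new(algo) for algo, _ in ALGORITHMS.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def scan_directory(root, iocs):
    # Yields (path, algorithm, digest) for every file whose digest is on the list.
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            yield from ((path, a, d) for a, d in digests.items() if d in iocs[a])

FILES = {"dropper.bin": b"constructed sample, not a real binary", "notes.txt": b"benign"}  # constructed

def demo():
    # Lists dropper.bin's SHA-256 plus one malformed MD5 entry, then sweeps the directory.
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in FILES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        ioc_text = "SHA-256\n- %s\nMD5\n- not-a-valid-hash\n" % hashlib.sha256(FILES["dropper.bin"]).hexdigest()
        return sorted((os.path.basename(p), a) for p, a, _ in scan_directory(tmp, parse_ioc_list(ioc_text)))
```

Matching on all three digest types at once matters because advisories rarely list every algorithm for every sample, so a file is flagged if any one of its digests is listed.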