Severity
Medium
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware.The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 4e29200e64b17b863a40a2aac18297d0
- cb1fef1a16b7fc3851b569ffb51e17d9
SHA-256
- b0831c1f23202cd936470a346b97d37f39a27a364db9a15f3d2d5d33bb53de13
- bdd500e8d7fadf83d80b3e1e6affbf60af92dff9d0b902b353e6ddad657445da
SHA-1
- 0b455c0ec403245ce1c8b54bc0c6dd6a83b9ac56
- 00373b44ad8558dd23832f3aba6b031acbad706e
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.