

Trickbot Banking Trojan Distributed via Malspam – IOCs
April 16, 2020
Rewterz Threat Alert – “Twin Flower” Campaign Downloads Files, Steals Data
April 16, 2020
Trickbot Banking Trojan Distributed via Malspam – IOCs
April 16, 2020
Rewterz Threat Alert – “Twin Flower” Campaign Downloads Files, Steals Data
April 16, 2020Severity
Medium
Analysis Summary
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.
The malware can also be used as a loader to download other malware.
Impact
- Information theft
- Credential theft
- Exposure of sensitive data
Indicators of Compromise
URL
- https[:]//rentfare[.]com/priv/New
- https[:]//emamdouh1949[.]me/temp/JBPOWNH[.]txt
- http[:]//192[.]119[.]73[.]212/index[.]php
- http[:]//192[.]119[.]73[.]212/msoffice[.]exe
- https[:]//medireab[.]ga/temp/index[.]php
- http[:]//medireab[.]ga[:]443/temp/index[.]php
- https[:]//z[.]zz[.]ht/GNpZM[.]txt
- http[:]//47[.]244[.]184[.]204/index[.]php
- http[:]//207[.]154[.]254[.]63/svs[.]exe
- http[:]//ghbjdfvbxc[.]ru/index[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOC’s in your environment