November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – Lokibot Malware – Active IOCs
July 12, 2021Rewterz Threat Alert – Patchwork APT Targeting in Government of Pakistan – Active IOCs
July 12, 2021Rewterz Threat Alert – Lokibot Malware – Active IOCs
July 12, 2021Rewterz Threat Alert – Patchwork APT Targeting in Government of Pakistan – Active IOCs
July 12, 2021
Severity
Medium
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- c61df8b07fcdcdd442bfd2a73102f2e3
SHA-256
- 325131729ab48a10ecb1a8ff30ee35f74ecff06618cf887a0802bda5cd356902
SHA1
- 916ca138209e7e918849b3b81cf9a4d5bcc8e9d8
URL
- http[:]//erolbasa[.]ac[.]ug/
- http[:]//erolbasa[.]ac[.]ug/main[.]php
- http[:]//erolbasa[.]ac[.]ug/mozglue[.]dll
- http[:]//erolbasa[.]ac[.]ug/sqlite3[.]dll
- http[:]//erolbasa[.]ac[.]ug/msvcp140[.]dll
- http[:]//erolbasa[.]ac[.]ug/nss3[.]dll
- http[:]//erolbasa[.]ac[.]ug/freebl3[.]dll
- http[:]//erolbasa[.]ac[.]ug/vcruntime140[.]dll
- http[:]//185[.]215[.]113[.]77/axfdgjkhdf[.]exea
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.