Rewterz Threat Alert – Nanocore Rat – Fresh IOCs
August 10, 2021Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
August 10, 2021Rewterz Threat Alert – Nanocore Rat – Fresh IOCs
August 10, 2021Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
August 10, 2021Severity
Medium
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and ID/passwords. Exploits such as phishing emails and Fallout Exploit Kit (EK) paired with social engineering techniques are major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- bf88f6a18838de44403fea24b330be48
SHA-256
- 8517738b158a4f15ad9fb58ac7bdd9d3f42c605c46f45c8cabba6dd9c4ab8d74
SHA-1
- 80fd3bff15fd69ecfa8a8ec1c4a0ee8d5f544844
URL
- http[:]//lastimaners[.]ug/asdfg[.]exe
- http[:]//lastimaners[.]ug/zxcv[.]EXE
- http[:]//lastimaners[.]ug/asdf[.]EXE
- http[:]//94[.]158[.]245[.]253//l/f/o-POunoBagrSXdgRlxjK/d4e715b5a38d3d0f3e8dbeac2c04fd9afcea3fb7
- http[:]//lastimaners[.]ug/zxcvb[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment