Rewterz Threat Alert – Emotet – Active IOCs
October 4, 2021
Severity
High
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware can also steal cookies, browsing history, cryptocurrency, and IDs/passwords. Phishing emails and the Fallout Exploit Kit (EK), paired with social engineering techniques, are the main infection vectors of AZORult. The malware can also act as a loader that downloads additional malware onto the infected system.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
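As an added illustration of the "search for IOCs in your environment" step (example code written for this page, not Rewterz tooling), the script below hashes every file under a directory with MD5, SHA-1 and SHA-256 and reports files whose digest appears in an indicator list. The IOC_HASHES dictionary is a placeholder to be populated from the alert's hash lists.

```python
"""Hash-based IOC sweep: hashes every file under a directory with MD5,
SHA-1 and SHA-256 and reports those matching a supplied indicator list.
Added example, not Rewterz tooling; indicator values are placeholders."""
import hashlib
import os
from pathlib import Path

# Placeholder indicator sets: fill these from the alert's IoC section.
IOC_HASHES = {
    "md5": set(),
    "sha1": set(),
    "sha256": set(),
}


def hash_file(path):
    """Return {'md5': ..., 'sha1': ..., 'sha256': ...} for one file,
    reading in 1 MiB chunks so large binaries do not exhaust memory."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def scan_directory(root, iocs):
    """Walk `root` and return (path, algorithm, digest) tuples for files
    whose hash appears in `iocs` (a dict shaped like IOC_HASHES).
    Indicators are lower-cased so mixed-case report values do not cause
    misses; unreadable files are skipped instead of aborting the sweep."""
    wanted = {alg: {h.lower() for h in hs} for alg, hs in iocs.items()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for alg, digest in digests.items():
                if digest in wanted.get(alg, ()):
                    hits.append((str(path), alg, digest))
    return hits


if __name__ == "__main__":
    import sys
    for hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".", IOC_HASHES):
        print("MATCH", *hit)
```

Run it as `python ioc_sweep.py /path/to/scan` after filling IOC_HASHES; each line of output names the file, the matching algorithm and the digest.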