July 18, 2023
Severity
Medium
Analysis Summary
AZORult is an information stealer first observed in 2016. It harvests saved passwords, account identifiers, browser history, cookies, bitcoin wallet data, and other locally stored information from the infected host. It was advertised on Russian-language underground forums as a tool for extracting sensitive data from compromised computers, and it also functions as a loader that downloads and executes additional payloads. Its primary infection vectors are phishing emails and the Fallout Exploit Kit (EK), typically combined with social engineering.
AZORult is also known for downloading and installing further malware on the infected machine, such as ransomware or cryptocurrency miners. Note that AZORult is under continuous development and new variants appear regularly.
To protect against AZORult and similar malware, keep the operating system and applications up to date, run a reputable antivirus product, and treat unexpected email attachments and links with suspicion.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 5a44b50b3e3c0dff6873360be4bb3fb0
- ab2200f5e4c9681fa4fe25222273c6e7
- d5d3f11ec57ac1722ca2ac9fab41b480
- 22fbe5afc59b103b2e61d057b43f8347
SHA-256
- c828cbb41945322c3294bd70c8c6423ae001604c3fa725422d0de59dd7e653b7
- 72ffc82b01f8ac87e36ff179df7806f66601c65c60f477b9bbcd2cbbd812dc92
- 8749c26002857510a8faf45fe42730aaa48bd73cc7f99fd181e776b383729f36
- 5629a3ae6193f39e3d63b927f028e1e06cde3a1e7fd1c11a1bd22859db3be241
SHA-1
- ee0c582eaa44a1f710f99766fcaaed2860f0ea6c
- a7666c9ac422d604e2d80201a92b2b3eabca2665
- 01afaeee09ed81e9f209899ccb8653ee74005f1b
- 9244689871941902ab5de2b54b75a1f3918a1d62
Remediation
- Block all threat indicators at your respective controls.
- Search for the indicators of compromise (IOCs) listed above in your environment using your respective security controls (EDR, SIEM, proxy and mail logs). Hash indicators only match the exact samples listed; because new AZORult variants appear regularly, refresh the list as new samples are published.
- Treat emails from unknown senders with caution.
- Never trust or open links and attachments received from unknown sources or senders.
- Enable antivirus and anti-malware software and update signature definitions promptly. Multi-layered protection is necessary to secure vulnerable assets.
- Patch and upgrade platforms and software promptly, and make this a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
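The following is an added example, not Rewterz tooling, of the IOC hunt step above: a Python sweep that hashes every regular file under a directory with MD5, SHA-1 and SHA-256 in a single read pass and reports any file whose digest appears in this advisory's indicator lists. The scan root taken from the command line and the report format are assumptions; `scan_tree` returns the hits so they can be fed to whatever reporting the environment uses.

```python
"""IOC sweep for the AZORult hashes listed in this advisory.

Added example, not Rewterz's own tooling. It walks a directory tree,
hashes each regular file with every algorithm present in the indicator
set, and reports files whose digest matches an indicator.
"""
import hashlib
import os
from typing import Dict, Iterable, List, Set, Tuple

# Hashes copied from the "Indicators of Compromise" section of this advisory.
ADVISORY_IOCS: Dict[str, Set[str]] = {
    "md5": {
        "5a44b50b3e3c0dff6873360be4bb3fb0",
        "ab2200f5e4c9681fa4fe25222273c6e7",
        "d5d3f11ec57ac1722ca2ac9fab41b480",
        "22fbe5afc59b103b2e61d057b43f8347",
    },
    "sha1": {
        "ee0c582eaa44a1f710f99766fcaaed2860f0ea6c",
        "a7666c9ac422d604e2d80201a92b2b3eabca2665",
        "01afaeee09ed81e9f209899ccb8653ee74005f1b",
        "9244689871941902ab5de2b54b75a1f3918a1d62",
    },
    "sha256": {
        "c828cbb41945322c3294bd70c8c6423ae001604c3fa725422d0de59dd7e653b7",
        "72ffc82b01f8ac87e36ff179df7806f66601c65c60f477b9bbcd2cbbd812dc92",
        "8749c26002857510a8faf45fe42730aaa48bd73cc7f99fd181e776b383729f36",
        "5629a3ae6193f39e3d63b927f028e1e06cde3a1e7fd1c11a1bd22859db3be241",
    },
}

CHUNK = 1024 * 1024  # read in 1 MiB chunks so large files are not loaded whole


def digest_file(path: str, algos: Iterable[str] = tuple(ADVISORY_IOCS)) -> Dict[str, str]:
    """Return lowercase hex digests of one file for each named hashlib algorithm.

    All hashers are fed from the same read loop, so the file is read once.
    """
    hashers = {algo: hashlib.new(algo) for algo in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_digests(digests: Dict[str, str], indicators: Dict[str, Set[str]]) -> List[str]:
    """Return the algorithms whose digest hits an indicator (empty list means clean)."""
    return [algo for algo, value in digests.items()
            if value.lower() in indicators.get(algo, set())]


def scan_tree(root: str,
              indicators: Dict[str, Set[str]] = ADVISORY_IOCS) -> List[Tuple[str, str, str]]:
    """Walk `root` and return (path, algorithm, digest) for every IOC hit.

    Unreadable files (permission denied, removed mid-walk) are skipped rather
    than aborting the sweep, and symlinks are not followed to avoid loops.
    """
    hits: List[Tuple[str, str, str]] = []
    algos = tuple(indicators)
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = digest_file(path, algos)
            except OSError:
                continue
            for algo in match_digests(digests, indicators):
                hits.append((path, algo, digests[algo]))
    return hits


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."  # scan root is an assumption
    for hit_path, hit_algo, hit_value in scan_tree(target):
        print(f"IOC HIT {hit_algo}={hit_value} {hit_path}")
```

Run it against user profile, download and temp directories first, since those are where phishing attachments and exploit-kit payloads typically land. A clean sweep is not proof of absence: the hashes identify only the samples listed here, so pair this with behavioural detection from EDR and mail or proxy logs.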