Rewterz Threat Alert – Vidar Malware – Active IOCs
August 16, 2021
Rewterz Threat Alert – Remcos RAT – Fresh IOCs
August 16, 2021
Severity
Medium
Analysis Summary
AZORult is a payment card and credential information stealer. It was sold on Russian underground forums as a means to collect sensitive information from infected systems. The malware is also able to steal cookies, browsing history, cryptocurrency, and IDs/passwords. Phishing emails and the Fallout Exploit Kit (EK), paired with social engineering techniques, are the major infection vectors of the AZORult malware. The malware can also be used as a loader to download other malware.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
Filename
- MXAaEzLhh8thDM0t4REtqvLp[.]exe
MD5
- 908fa1446bc3cc61c7f05e0f56067705
- a3e56bd926b686267d164d3ded675759
- d5de571a02a16f21275c0b0a5b813b84
SHA-256
- b2ff33ba5fb21b6ac2d560930be90451eb2197b75c781d162bf321149fe1323f
- c5d36d877e2a3cbc480e8840176cff740f0f07ed7a01230e9dc5f6612a9d121f
- 200f7db0d7b41872fc242e81e810ef99bb816e581dcb5f73867965db01b8e77b
SHA-1
- 195948e4b235aa486ffe4f3c22fa5bcea4bb8ea4
- 392a8deedfe6f6a7ac3e874b99ea531dabe473c6
- 4ac7021150beebcb2dc573b2720a7c054cb35ede
URL
- http[:]//94[.]130[.]227[.]45/x[.]rar
- https[:]//cracknet[.]net
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
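One way to carry out the second remediation step, as an added example that is not part of the Rewterz alert: refang the indicators listed above and check file digests and proxy/DNS log lines against them. The log lines are constructed for the example; the hashes and URLs are the ones in the alert.

```python
import hashlib

# Indicators copied from the alert above, kept in their defanged form.
DEFANGED_URLS = ["http[:]//94[.]130[.]227[.]45/x[.]rar", "https[:]//cracknet[.]net"]
KNOWN_HASHES = {
    "md5": {"908fa1446bc3cc61c7f05e0f56067705", "a3e56bd926b686267d164d3ded675759",
            "d5de571a02a16f21275c0b0a5b813b84"},
    "sha1": {"195948e4b235aa486ffe4f3c22fa5bcea4bb8ea4", "392a8deedfe6f6a7ac3e874b99ea531dabe473c6",
             "4ac7021150beebcb2dc573b2720a7c054cb35ede"},
    "sha256": {"b2ff33ba5fb21b6ac2d560930be90451eb2197b75c781d162bf321149fe1323f",
               "c5d36d877e2a3cbc480e8840176cff740f0f07ed7a01230e9dc5f6612a9d121f",
               "200f7db0d7b41872fc242e81e810ef99bb816e581dcb5f73867965db01b8e77b"},
}

def refang(ioc: str) -> str:
    """Undo the [.] / [:] / hxxp defanging so the value can be compared with real logs."""
    return ioc.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")

def ioc_host(url: str) -> str:
    """Host part of a refanged URL, without scheme, path or port."""
    return url.split("://", 1)[-1].split("/")[0].split(":")[0]

def digests_of(chunks) -> dict[str, str]:
    """md5, sha1 and sha256 of a byte stream, computed in a single pass."""
    hs = {name: hashlib.new(name) for name in KNOWN_HASHES}
    for chunk in chunks:
        for h in hs.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hs.items()}

def matching_algos(digests: dict[str, str], known=KNOWN_HASHES) -> list[str]:
    """Hash algorithms under which these digests hit a listed indicator."""
    return [n for n, v in digests.items() if v in known.get(n, set())]

def url_hits(log_lines, defanged_urls=DEFANGED_URLS) -> list[str]:
    """Proxy or DNS log lines that mention a listed URL or its host."""
    needles = set()
    for u in defanged_urls:
        real = refang(u)
        needles.update({real, ioc_host(real)})
    return [line for line in log_lines if any(n in line for n in needles)]

# Constructed sample log lines (not from the alert) to exercise url_hits().
SAMPLE_LOG = [
    "2021-08-16T10:01:02Z GET http://94.130.227.45/x.rar 200 client=10.0.0.7",
    "2021-08-16T10:01:05Z GET https://example.invalid/index.html 200 client=10.0.0.7",
    "2021-08-16T10:02:11Z DNS query cracknet.net from 10.0.0.9",
]
```

To hash a suspect file without loading it whole, open it in binary mode and pass `iter(lambda: fh.read(1 << 20), b"")` to `digests_of()`, then hand the result to `matching_algos()`.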