September 7, 2021
Severity
High
Analysis Summary
AZORult is an information stealer that targets payment-card data and credentials. It was sold on Russian-language underground forums as a means to harvest sensitive information from infected systems, and it also steals browser cookies, browsing history, cryptocurrency wallet data, and saved usernames and passwords. Its main infection vectors are phishing emails and the Fallout Exploit Kit (EK), both paired with social-engineering lures. AZORult can also act as a loader, downloading and executing additional malware on the compromised host.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
- 7c5d685a701f5d51f90bbd5ef6e84582
- 843ea2859045a15ce78ec7a608c25f4c
- f1abd006f74ed9a863588e331ea18f6d
SHA-256
- 06bc17a2517d3c471c978b342e512234a3f9a8eb16e938e7be57b1b67da99bea
- 323f5032279ea5c13d9c5acf30c0cf1240a2ab05584b49c33e1a8a687e06c555
- 7b4cab32e99bd70b86b128f7379dd6214fa0021dbc2f8e308d30536837308889
SHA-1
- 903d75369b375b2e5552fe9f17a069216502a01c
- 38d8aae4058bad7f568bddaade7fd7ec3e3d62ce
- 4ab6acd3badb9837513c821978e0be582ad6b649
URL
- https[:]//goggle[.]com
Remediation
- Block the indicators above at your respective controls: the file hashes on endpoint protection/EDR, the URL on web proxy and DNS filtering.
- Search for these IOCs in your environment, both on endpoints (file hashes) and in proxy/DNS logs (the URL). Hash indicators are specific to the sampled builds, so treat a negative result as the absence of these samples, not of AZORult.
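The hunt step above, as an added example that is not part of the Rewterz alert: a standard-library Python script that loads the indicator list exactly as published, sorts hashes by digest length rather than by section header, refangs the defanged URL into the literal string a proxy or DNS blocklist needs, then walks a directory tree computing MD5, SHA-1 and SHA-256 in a single read of each file and reports matches. The indicator text is copied from this alert; the scan root and function names are this example's own.

```python
"""Hunt for the AZORult IOCs published above across a directory tree.
Added example (not Rewterz tooling); standard library only."""
import hashlib
import os
import re
import sys

# Indicator text copied from the alert above; the URL is kept defanged here.
ALERT_IOCS = """
MD5
- 7c5d685a701f5d51f90bbd5ef6e84582
- 843ea2859045a15ce78ec7a608c25f4c
- f1abd006f74ed9a863588e331ea18f6d
SHA-256
- 06bc17a2517d3c471c978b342e512234a3f9a8eb16e938e7be57b1b67da99bea
- 323f5032279ea5c13d9c5acf30c0cf1240a2ab05584b49c33e1a8a687e06c555
- 7b4cab32e99bd70b86b128f7379dd6214fa0021dbc2f8e308d30536837308889
SHA-1
- 903d75369b375b2e5552fe9f17a069216502a01c
- 38d8aae4058bad7f568bddaade7fd7ec3e3d62ce
- 4ab6acd3badb9837513c821978e0be582ad6b649
URL
- https[:]//goggle[.]com
"""

# Hex-digest length identifies the algorithm, so a mislabelled section cannot
# put a SHA-1 into the MD5 set.
_HASH_ALGOS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-f]+$")


def refang(indicator):
    """Turn the published defanged form (https[:]//goggle[.]com, hxxp://...)
    back into the literal string a proxy or DNS blocklist must match."""
    ind = indicator.strip()
    ind = re.sub(r"\[\.\]", ".", ind)
    ind = re.sub(r"\[:\]", ":", ind)
    ind = re.sub(r"^hxxp", "http", ind, flags=re.IGNORECASE)
    return ind.rstrip("/").lower()


def parse_iocs(text):
    """Return {'md5': set, 'sha1': set, 'sha256': set, 'url': set}."""
    iocs = {"md5": set(), "sha1": set(), "sha256": set(), "url": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("-"):
            continue  # section header or blank line
        value = line.lstrip("- ").strip()
        lowered = value.lower()
        algo = _HASH_ALGOS.get(len(lowered))
        if algo and _HEX_RE.match(lowered):
            iocs[algo].add(lowered)
        elif "//" in value or "." in value or "[.]" in value:
            iocs["url"].add(refang(value))
        else:
            raise ValueError("unrecognised indicator: %r" % value)
    return iocs


def digest_stream(chunks):
    """Feed every chunk to all three hashers so a large file is read once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    return digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_stream(chunks())


def match_digests(digests, iocs):
    """(algorithm, digest) pairs from `digests` that appear in the IOC set."""
    return [(algo, d) for algo, d in sorted(digests.items()) if d in iocs.get(algo, ())]


def scan_tree(root, iocs):
    """Walk `root` and return (path, algorithm, digest) for every IOC hit."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digests = digest_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip, keep sweeping
            for algo, digest in match_digests(digests, iocs):
                hits.append((path, algo, digest))
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(ALERT_IOCS)
    root = sys.argv[1] if len(sys.argv) > 1 else "."  # scan root is an assumption
    for path, algo, digest in scan_tree(root, iocs):
        print("MATCH %s %s %s" % (algo, digest, path))
    print("block at proxy/DNS: %s" % ", ".join(sorted(iocs["url"])))
```

Run it as `python hunt_azorult.py /path/to/scan`. Refanging is deliberate: a blocklist loaded with the bracketed form never matches live traffic, which is a common reason an "applied" IOC block silently does nothing.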