Rewterz Threat Alert – Newly Discovered Malware Framework Cashing in on Ad Fraud
July 23, 2019Rewterz Threat Advisory – CVE-2019-10974 – NREL EnergyPlus Denial of Service and Code Execution Vulnerability
July 24, 2019Rewterz Threat Alert – Newly Discovered Malware Framework Cashing in on Ad Fraud
July 23, 2019Rewterz Threat Advisory – CVE-2019-10974 – NREL EnergyPlus Denial of Service and Code Execution Vulnerability
July 24, 2019Severity
High
Analysis Summary
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.; the malware can also be used as a loader to download other malware. Kaspersky Lab products detect the stealer as Trojan-PSW.Win32.Azorult.
Impact
- Credential theft
- Exposure of sensitive information
Indicators of Compromise
URLs
- gamemode[.]pk
- getcars[.]pk
- gonza[.]top
- greatflip[.]best
- jelfing[.]xyz
- loidwas[.]com
- n34y13a4[.]beget[.]tech
- petitbox[.]top
- random[.]pk
- rollscar[.]pk
- service-shop-for-you[.]ml
- ttcopy[.]ru
- vputin[.]pk
- warface-sosatb[.]myjino[.]ru
- www[.]lootchem[.]com
Malware Hash (MD5/SHA1/SH256)
- 8ec27cad0506cdf295e5c46e1bb0dccef9ac71bbd084230f862fbce55ed91b34
- 93699b246af83936002dc8d702d304c3
- 9794e2b45f4bfbebd0d0d291c81be018
- a192c88ede804c26bb2c7882270bc74b1258b54d
- a282dbb081e747076662c1b650485fb73f425b79
- a822b56c12aac754144720ede04229536557337b09273041616a329a3127b128
- abb45f5d7fa560a26fab34e05d2d1d5f0cae6dfa
- b90a492e3eb9fbc3d274525f6aa18b7d67daa83b
- c2702e3233cd4ddd82ea826fb65ba2bb585fd159d72870ea73aaf94887949926
- cc6164d1bd2bb9fbc837db833abaf5dd
- cd3faecc981ddd62b34e2c33fc36747f073f02b76047e3ea04aa7a39d3dfb640
- d71d0ce7c435b5251899f020a68d0451fa52e1dabecee1b73cc389d7ac837e80
- d9f5821f1f919f1fdc5e05c260230c08e8b848a7d4bd69b9a645c5afafdcb2a0
- deef7c372c50459a8e7a0c7777b343f658f9a857
- e63be01cf466daceadaa7ee4817e3797df063cbfd5b1fcc2cd500ca94993b6e8
- ef6f43d240adc11acb0da331747191db8f64452cc5a1423f77f0da7c94f741c6
- f0363ea7f297aaa308289ff12ac97df6ae45b8ea
- f7ae81c552897f3a189fb151f7c23221
- f8d101decf1813b465c0457a27ad1341
- fb98a82fd756f37cec47ad8711f7e111e7f495d31e3f519000376fd570a9fe70
- fe180ab0978a0e9adccb96d2dc8906d212e4af5e
- fe5db5b4fea9b1ea876f9dd9a5faa2c9
Remediation
- Block all threat indicators at your respective controls.
- Always be suspicious about emails sent by unknown senders.
- Never click on the link/ attachments sent by unknown senders.