Severity
Medium
Analysis Summary
Active IoCs have been retrieved linked to the Azorult malware, that target and infect victims with the Azorult stealer. AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.
Impact
- Credential Theft
- Exposure of sensitive information
Indicators of Compromise
URL
- https[:]//drnaseri-pharmacy-24h[.]com/wp-content/plugins/bbpress/includes/core/core/hfgt67rhgf/index[.]php
- http[:]//209[.]141[.]54[.]122/vin/index[.]php
- http[:]//exportersgateway[.]com/scr/em/index[.]php
- http[:]//specialtyaltruistic[.]com/ab/esuerde[.]exe
- http[:]//qdrenfa[.]com/~zadmin/lk/a/az/ch/index[.]php
- http[:]//185[.]222[.]57[.]246/key/index[.]php
- http[:]//217[.]8[.]117[.]77/ohtredfga[.]exe
- http[:]//217[.]8[.]117[.]77/ajhtredfga[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.