Severity
Medium
Analysis Summary
AZORult is an information stealer discovered in 2016. It harvests IDs, browsing history, cookies, passwords, bitcoin wallet data, and other sensitive information from compromised computers, and it was advertised on Russian underground forums as a tool for exactly that purpose. AZORult also functions as a malware downloader (loader), fetching and running additional payloads on the infected host. Its primary infection vectors are phishing emails and the Fallout Exploit Kit (EK), combined with social engineering.
AZORult is also known for its ability to download and install additional malware on the infected machine, such as ransomware or cryptocurrency miners. It is important to note that AZORult is constantly evolving, and new variants are released regularly.
To protect against AZORult and other malware, practice good cybersecurity habits: keep your operating system and software up to date, use a reputable antivirus program, and be cautious when opening email attachments or clicking links.
Impact
- Information Theft
- Credential Theft
- Exposure of Sensitive Data
Indicators of Compromise
MD5
SHA-256
SHA1
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
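As an added example that is not part of this advisory, the following Python script sweeps a directory tree for files whose MD5, SHA1 or SHA-256 digest appears in an IOC list formatted like the one above (headings and `-` bullets, one hash per line); the IOC file path and scan root are assumptions passed on the command line.

```python
import hashlib
import os

# The advisory lists IOCs as MD5, SHA1 and SHA-256 digests; hex length tells them apart.
HEX_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def load_iocs(text):
    """Parse an IOC list (one hash per line, '-' bullets and blanks allowed) into a
    set of lowercase hex digests; non-hex lines and headings such as 'MD5' are skipped."""
    iocs = set()
    for line in text.splitlines():
        token = line.strip().lstrip("-").strip().lower()
        if len(token) in HEX_LENGTHS and all(c in "0123456789abcdef" for c in token):
            iocs.add(token)
    return iocs


def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file, reading it once in chunks."""
    hashers = {name: hashlib.new(name) for name in HEX_LENGTHS.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def sweep(root, iocs):
    """Walk root and return [(path, algorithm, digest)] for every file whose digest
    under any of the three algorithms is in iocs. Unreadable files are skipped."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue
            hits.extend((path, algo, d) for algo, d in digests.items() if d in iocs)
    return hits


if __name__ == "__main__":
    import sys  # assumed usage: python sweep.py iocs.txt /path/to/scan
    with open(sys.argv[1]) as fh:
        for hit in sweep(sys.argv[2], load_iocs(fh.read())):
            print("MATCH", *hit)
```

A match only tells you a file with that exact digest exists; repacked variants will not match by hash, so treat the sweep as one check alongside behavioural detection.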