AZORult
Description
(Kaspersky) The AZORult Trojan is one of the most commonly bought and sold stealers in Russian forums. Despite the relatively high price tag ($100), buyers like AZORult for its broad functionality (for example, the use of .bit domains as C&C servers to ensure owner anonymity and to make it difficult to block the C&C server), as well as its high performance. Many comment leavers recommend it.
AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server (for example, all TXT files from the Desktop folder), cryptowallet files, etc.; the malware can also be used as a loader to download other malware. Kaspersky Lab products detect the stealer as Trojan-PSW.Win32.Azorult. Our statistics show that since the start of 2019, users in Russia and India are the most targeted.
Names
| Name |
|---|
| AZORult |
| PuffStealer |
| Rultazo |
Category
Malware
Type
- Info stealer
- Credential stealer
- Downloader
Information
- https://securelist.com/azorult-analysis-history/89922/
- https://threatvector.cylance.com/en_us/home/threat-spotlight-analyzing-azorult-infostealer-malware.html
- https://blog.minerva-labs.com/puffstealer-evasion-in-a-cloak-of-multiple-layers
- https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
- https://www.proofpoint.com/us/threat-insight/post/new-version-azorult-stealer-improves-loading-features-spreads-alongside
- https://www.blueliv.com/blog-news/research/azorult-crydbrox-stops-sells-malware-credential-stealer/
- https://research.checkpoint.com/the-emergence-of-the-new-azorult-3-3/
- https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites
Mitre Attack
Malpedia
Other Information
Uuid
ce88f834-afbf-4d8b-8ca6-43b7fde7bdf2
Last Card Change
2024-04-22