Azorult

Malware updated 3 months ago (2024-05-28T15:17:35.210Z)
Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus; however, as of late February 2023, the marketplace stopped carrying Taurus and Azorult logs. The malware can be downloaded and executed through various means, including suspicious downloads, emails, websites, and even bogus Google Sites pages, as observed in a new campaign discovered by cybersecurity researchers on March 18, 2024. The malware goes beyond simple data theft: it also captures screenshots of the system, building a comprehensive profile of the compromised host. The ultimate payload, a 32-bit Azorult .Net executable, exhibits a range of malicious activities. Subsequent stages include downloading an additional loader from a remote server, injecting shellcode into memory, and ultimately executing the Azorult malware. This multistage infection chain is orchestrated to avoid detection, making Azorult a formidable adversary. Although it is no longer sold on the 2easy marketplace, Azorult continues to pose a significant threat because of its ability to adapt, employ obfuscation techniques, and execute entirely within the system's memory. Victims whose credentials have been compromised by infostealers like Azorult have been notified by Resecurity. The resurgence of Azorult highlights the ongoing risk it presents, with its complex campaign underscoring the continuous evolution and adaptation of cyber threats.
Description last updated: 2024-05-28T15:16:52.644Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile description

Redline (5 votes): RedLine is a notorious malware that has been widely used by cybercriminals to steal sensitive information. This malicious software infiltrates systems through suspicious downloads, emails, or websites and can cause significant damage by stealing personal data or disrupting operations. RedLine's conf

Raccoon (3 votes): Raccoon is a type of malware, specifically an infostealer, used predominantly by the Scattered Spider threat actors to obtain login credentials, browser cookies, and histories. This malicious software, which is sold as Malware-as-a-Service (MaaS) on dark web forums, is both effective and inexpensive

Amadey (2 votes): Amadey is a sophisticated malware that has been identified as being used in various malicious campaigns. The malware is typically delivered through GuLoader, a loader known for its use in protecting payloads against antivirus detection. Analysis of the infection chains revealed encrypted Amadey payl
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Payload
Loader
Infostealer
Downloader
Cybercrime
Associated Malware
ID (type, votes): Profile description

Formbook (type: Unspecified, 2 votes): Formbook is a type of malware, short for malicious software, designed to exploit and damage computers or devices. It was first discovered in 2016 and has since been used in various cyber attacks worldwide. The malware can infect systems through suspicious downloads, emails, or websites, often withou
Source Document References
Information about the Azorult malware was read from the document corpus below. This display is limited to 20 results.
Source (created): Title

Checkpoint (3 months ago): Static Unpacking for the Widespread NSIS-based Malicious Packer Family - Check Point Research
CERT-EU (6 months ago): Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
CERT-EU (6 months ago): Alert: Info Stealers Target Stored Browser Credentials
BankInfoSecurity (6 months ago): Alert: Info Stealers Target Stored Browser Credentials
Securityaffairs (7 months ago): Hundreds of network operators' credentials found circulating in Dark Web
CERT-EU (8 months ago): Azorult Malware Resurgence: Dark Web Campaign Revealed
CERT-EU (8 months ago): December 2023's Most Wanted Malware: The Resurgence of Qbot and FakeUpdates – Global Security Mag Online
Securityaffairs (8 months ago): Experts warn of JinxLoader loader used to spread Formbook and XLoader
Securityaffairs (8 months ago): New Version of Meduza Stealer Released in Dark Web
CERT-EU (a year ago): Update: The 2023 Malware League Table
CERT-EU (a year ago): LokiBot Information Stealer Packs Fresh Infection Strategies
CERT-EU (a year ago): August 2023's Most Wanted Malware: New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI – Global Security Mag Online
CERT-EU (a year ago): Cyber Security Week in Review: August 18, 2023
CERT-EU (a year ago): Malware leveraged to create massive proxy botnet
Securityaffairs (2 years ago): TrickGate, a packer used by malware to evade detection since 2016
CERT-EU (a year ago): Over 100K hackers fall victim to infostealer malware
CERT-EU (a year ago): Updated Raccoon Stealer better evades detection
CERT-EU (a year ago): Cyber Security Today, August 16, 2023 – Discord.io database of 760,000 up for sale, LinkedIn under attack and more MOVEit victims | IT World Canada News
Securityaffairs (a year ago): Credentials for cybercrime forums found on roughly 120K computers infected with info stealers
CERT-EU (a year ago): More than 100,000 hackers have details exposed through malware on cyber crime forums - TechCentral.ie