Azorult

Malware updated 5 months ago (2024-05-28T15:17:35.210Z)
Download STIX
Preview STIX
Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late February 2023, it stopped carrying Taurus and Azorult logs. The malware can be downloaded and executed through various means, including suspicious downloads, emails, websites, and even bogus Google Sites pages, as observed in a new campaign discovered by cybersecurity researchers on March 18, 2024. This sophisticated malware goes beyond simple data theft; it captures screenshots of the system, creating a comprehensive profile of the compromised system. The ultimate payload, a 32-bit Azorult .Net executable, exhibits a range of malicious activities. Subsequent stages include downloading an additional loader from a remote server, injecting shellcode into memory, and ultimately executing the Azorult malware. This meticulous multistage infection chain is carefully orchestrated to avoid detection, making Azorult a formidable adversary in the realm of cybersecurity. Despite its cessation on the 2easy marketplace, Azorult continues to pose a significant threat to cybersecurity due to its ability to adapt, employ obfuscation techniques, and execute entirely within the system’s memory. Victims whose credentials have been compromised by infostealers like Azorult have been notified by Resecurity. The resurgence of the Azorult malware highlights the ongoing risk it presents, with its complex campaign underscoring the continuous evolution and adaptation of cyber threats.
Description last updated: 2024-05-28T15:16:52.644Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Redline is a possible alias for Azorult. Redline is a notorious malware, known for its infostealing capabilities and widespread usage among cybercriminals. It is designed to steal personal data from victims' devices, including usernames, passwords, saved form data like addresses, email addresses, phone numbers, and cryptocurrency wallets.
5
Raccoon is a possible alias for Azorult. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $
3
Amadey is a possible alias for Azorult. Amadey is a form of malware, a malicious software designed to exploit and damage computer systems. This particular malware is distributed via the Amadey loader, which can be disseminated through phishing emails or downloads from compromised sites. It has been observed that the individual behind the
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Payload
Loader
Infostealer
Downloader
Cybercrime
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Formbook Malware is associated with Azorult. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms oUnspecified
2
Source Document References
Information about the Azorult Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Checkpoint
5 months ago
CERT-EU
7 months ago
CERT-EU
8 months ago
BankInfoSecurity
8 months ago
Securityaffairs
9 months ago
CERT-EU
10 months ago
CERT-EU
10 months ago
Securityaffairs
10 months ago
Securityaffairs
10 months ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
2 years ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago