Azorult

Malware updated 6 months ago (2024-05-28T15:17:35.210Z)

Download STIX

Preview STIX

Azorult is a type of malware, or malicious software, that infiltrates systems to exploit and damage them, often without the user's knowledge. It has historically been one of the favored infostealers sold on the marketplace 2easy, alongside RedLine, Raccoon, Vidar, and Taurus. However, as of late February 2023, it stopped carrying Taurus and Azorult logs. The malware can be downloaded and executed through various means, including suspicious downloads, emails, websites, and even bogus Google Sites pages, as observed in a new campaign discovered by cybersecurity researchers on March 18, 2024. This sophisticated malware goes beyond simple data theft; it captures screenshots of the system, creating a comprehensive profile of the compromised system. The ultimate payload, a 32-bit Azorult .Net executable, exhibits a range of malicious activities. Subsequent stages include downloading an additional loader from a remote server, injecting shellcode into memory, and ultimately executing the Azorult malware. This meticulous multistage infection chain is carefully orchestrated to avoid detection, making Azorult a formidable adversary in the realm of cybersecurity. Despite its cessation on the 2easy marketplace, Azorult continues to pose a significant threat to cybersecurity due to its ability to adapt, employ obfuscation techniques, and execute entirely within the system’s memory. Victims whose credentials have been compromised by infostealers like Azorult have been notified by Resecurity. The resurgence of the Azorult malware highlights the ongoing risk it presents, with its complex campaign underscoring the continuous evolution and adaptation of cyber threats.

Description last updated: 2024-05-28T15:16:52.644Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Redline is a possible alias for Azorult. RedLine is a type of malware, a malicious software designed to exploit and damage computer systems. It often infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. RedLine has been favored by threat actor	5
Raccoon is a possible alias for Azorult. Raccoon is a malicious software (malware) developed by Russian-speaking coders, first spotted in April 2019. It was designed to steal sensitive data such as credit card information, email credentials, cryptocurrency wallets, and more from its victims. The malware is offered as a service (MaaS) for $	3
Amadey is a possible alias for Azorult. Amadey is a malicious software (malware) that has been known since 2018 and is notorious for stealing credentials from popular browsers and various Virtual Network Computing (VNC) systems. The malware, which is often sold in underground forums, uses sophisticated techniques to infect systems, includ	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Payload

Loader

Infostealer

Downloader

Cybercrime

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Formbook Malware is associated with Azorult. Formbook is a type of malware, malicious software designed to exploit and damage computer systems. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Formbook has been linked with other forms o	Unspecified	2

Source Document References

Information about the Azorult Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Checkpoint	6 months ago	Static Unpacking for the Widespread NSIS-based Malicious Packer Family - Check Point Research
CERT-EU	8 months ago	Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
CERT-EU	9 months ago	Alert: Info Stealers Target Stored Browser Credentials
BankInfoSecurity	9 months ago	Alert: Info Stealers Target Stored Browser Credentials
Securityaffairs	10 months ago	Hundreds of network operators’ credentials found circulating in Dark Web
CERT-EU	10 months ago	Azorult Malware Resurgence: Dark Web Campaign Revealed
CERT-EU	10 months ago	December 2023's Most Wanted Malware : The Resurgence of Qbot and FakeUpdates – Global Security Mag Online
Securityaffairs	a year ago	Experts warn of JinxLoader loader used to spread Formbook and XLoader
Securityaffairs	a year ago	New Version of Meduza Stealer Released in Dark Web
CERT-EU	a year ago	Update: The 2023 Malware League Table
CERT-EU	a year ago	LokiBot Information Stealer Packs Fresh Infection Strategies
CERT-EU	a year ago	August 2023's Most Wanted Malware : New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI – Global Security Mag Online
CERT-EU	a year ago	Cyber Security Week in Review: August 18, 2023
CERT-EU	a year ago	Malware leveraged to create massive proxy botnet
Securityaffairs	2 years ago	TrickGate, a packer used by malware to evade detection since 2016
CERT-EU	a year ago	Over 100K hackers fall victim to infostealer malware
CERT-EU	a year ago	Updated Raccoon Stealer better evades detection
CERT-EU	a year ago	Cyber Security Today, August 16, 2023 – Discord.io database of 760,000 up for sale, LinkedIn under attack and more MOVEit victims \| IT World Canada News
Securityaffairs	a year ago	Credentials for cybercrime forums found on roughly 120K computers infected with info stealers
CERT-EU	a year ago	More than 100,000 hackers have details exposed through malware on cyber crime forums - TechCentral.ie