AZORult

AZORult is a trojan that harvests data from a compromised system and exfiltrates it. It is installed on a system by first-stage malware, such as Seamless. The malware searches for the following information and sends it to its C2 server:

  • Saved passwords, such as those from browsers, email and FTP servers;
  • Cookies from browsers and forms, including autofill;
  • wallet.dat files from popular bitcoin clients;
  • Skype message history;
  • Files from chat history;
  • Desktop files;
  • Files with specified extensions from Desktop and files in folders;
  • List of installed programs;
  • List of running processes; and
  • Username, computer name, and operating system type.

Reporting

Technical Details

  • ThreatSTOP provides additional details here.