AZORult is a trojan that harvests and exfiltrates data from a compromised system. It is installed on a system by first-stage malware, such as Seamless. The malware searches for the following information and sends it to its C2 server:
- Saved passwords, such as those from browsers, email and FTP servers;
- Cookies from browsers and forms, including autofill;
- wallet.dat files from popular bitcoin clients;
- Skype message history;
- Files from chat history;
- Desktop files;
- Files with specified extensions from Desktop and files in folders;
- List of installed programs;
- List of running processes; and
- Username, computer name, and operating system type.

- January 2018: AZORult is being delivered via the RIG EK and the Ramnit trojan. (Malware-Traffic-Analysis)
- ThreatSTOP provides additional details here.