AZORult

Pierluigi Paganini April 02, 2019
Analyzing AZORult malware using NSA Ghidra suite

Cybaze-Yoroi ZLAB malware researchers decided to use the NSA Ghidra suite in a real case study, the analysis of the AZORult malware. Introduction One of the most expected moments in the infosec community during the last few months was, with no doubt, the Ghidra public release. On the 5th of March, at the RSA conference, […]

Pierluigi Paganini March 27, 2019
A new AZORult C++ variant can establish RDP connections

Experts from Kaspersky observed a new C++ version of the AZORult data stealer that implements the ability to establish RDP connections. The AZORult Trojan is one of the most popular data stealers in the Russian cybercrime underground. The AZORult stealer was first spotted in 2016 by Proofpoint that discovered it was part of a secondary […]

Pierluigi Paganini February 12, 2019
Gootkit: Unveiling the Hidden Link with AZORult

Cybaze-Yoroi ZLAB revealed interesting a hidden connection between the AZORult toolkit and specific Gootkit payload. Introduction In the last days, a huge attack campaign hit several organizations across the Italian cyberspace, as stated on bulletin N020219 the attack waves tried to impersonate legit communication from a known Express Courier. However, a deeper analysis by Cybaze-Yoroi ZLAB revealed interesting hidden aspects, […]

Pierluigi Paganini October 23, 2018
The new Azorult 3.3 is available in the cybercrime underground market

A new version of the Azorult info-stealer appeared in the wild, it is able to steal more data, including other types of cryptocurrencies A new version of the Azorult info-stealer appeared in the wild, it is able to steal more data, including other types of cryptocurrencies, and implements new features. The latest version of the Azorult was delivered through the […]

Pierluigi Paganini October 02, 2018
The ‘Gazorp’ Azorult Builder emerged from the Dark Web

Checkpoint experts discovered in the Dark Web an online builder, dubbed Gazorp, that allows crooks to create customized binaries for the Azorult malware. Security researchers from Checkpoint have discovered in the Dark Web an online builder, dubbed Gazorp, that allows crooks to easily create customized binaries for the Azorult info-stealing malware. The Gazorp builder allows generating for free the malicious code […]

Pierluigi Paganini July 31, 2018
A new sophisticated version of the AZORult Spyware appeared in the wild

A new sophisticated version of the AZORult Spyware was spotted in the wild, it was involved in a large email campaign on July 18 Malware researchers at Proofpoint spotted a new version of the AZORult Spyware in the wild, it was involved in a large email campaign on July 18, just 24 hours it appeared […]