Malware: Azorult

Description

[Azorult](https://attack.mitre.org/software/S0344) is a commercial Trojan that is used to steal information from compromised hosts. [Azorult](https://attack.mitre.org/software/S0344) has been observed in the wild as early as 2016. In July 2018, [Azorult](https://attack.mitre.org/software/S0344) was seen used in a spearphishing campaign against targets in North America. [Azorult](https://attack.mitre.org/software/S0344) has been seen used for cryptocurrency theft. (Citation: Unit42 Azorult Nov 2018)(Citation: Proofpoint Azorult July 2018)

External References

• mitre-attack
• Proofpoint Azorult July 2018
• Unit42 Azorult Nov 2018

Techniques Used by This Malware

• T1012 — Query Registry
• T1016 — System Network Configuration Discovery
• T1033 — System Owner/User Discovery
• T1055.012 — Process Hollowing
• T1057 — Process Discovery
• T1070.004 — File Deletion
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1105 — Ingress Tool Transfer
• T1113 — Screen Capture
• T1124 — System Time Discovery
• T1134.002 — Create Process with Token
• T1140 — Deobfuscate/Decode Files or Information
• T1552.001 — Credentials In Files
• T1555.003 — Credentials from Web Browsers
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• TA505