File Identity
| Field | Value |
|---|---|
| SHA256 | 738e40cdc0c1cd12e2f3b5a7d4e8c6f1a9b0d3e7f5c2a4b6d8f0e1c3a5b7d9f2 |
| Size | 143,360 bytes |
| String count | 1,193 |
Encrypted C2 Config Fragment
9|l0c2- -- encrypted C2 address fragment
Registry Persistence
RegCreateKeyExW -- registry write (used for persistence)
About AZORult
AZORult is a Russian-made C++ infostealer family that has been active since 2016. It steals browser passwords, email credentials, FTP credentials, cryptocurrency wallets and system information, and sends the data to an encrypted C2 over HTTP POST. After its source was leaked in 2019 it gained wide distribution.
IOC
| Field | Value |
|---|---|
| SHA256 | 738e40cdc0c1cd12e2f3b5a7d4e8c6f1a9b0d3e7f5c2a4b6d8f0e1c3a5b7d9f2 |
| Persistence | RegCreateKeyExW |
AZORult — Malware Profile
AZORult is a Russian-made C++ infostealer family active since 2016. It targets browser passwords, email, FTP and cryptocurrency wallets. It was leaked in 2019.
Technical Details
C++, HTTP POST C2, browser credential theft (Chromium/Firefox), cookie theft, cryptocurrency wallet stealer, Steam session stealer, screenshot, clipboard monitor, downloader capability
Capabilities & Behavior
IOC List (1 indicator)
SHA256
| Type | Value | Note |
|---|---|---|
| sha256 | 738e40cdc0c1cd12e2f3b5a7d4e8c6f1a9b0d3e7f5c2a4b6d8f0e1c3a5b7d9f2 | |
C2 Servers (4 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| ip-api.com | domain | 80 | HTTP | active | — |
| azorult-panel.ru | domain | 80 | HTTP | inactive | RU |
| 176.109.116.153 | ip | 80 | HTTP | inactive | UA |
| dotbit.me | domain | 443 | HTTPS | inactive | — |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.