Trend Vision One All, Apex Central All, Apex One All, Deep Security All, Worry-Free Business Security Standard All, Worry-Free Business Security Services All, Worry-Free Business Security Advanced All
Last updated:   2025/08/07
Solution ID:   KA-0009734
Category: Remove a Malware / Virus
Summary
AZORULT is an information stealer first discovered in 2016. It steals browsing history, cookies, IDs and passwords, cryptocurrency information, and more, and it can also act as a downloader for other malware. It was sold on Russian underground forums as a tool for collecting various types of sensitive information from an infected computer. One variant was able to create a new, hidden administrator account on the machine in order to set a registry key to establish a Remote Desktop Protocol (RDP) connection.
Exploit kits such as the Fallout Exploit Kit (EK) and phishing emails that use social engineering techniques are now the major infection vectors for AZORult. Other malware families, such as Ramnit and Emotet, also download AZORult. Current malspam and phishing emails use fake product order requests, invoice documents, and payment information requests. This Trojan-Spyware connects to the attacker's command and control (C&C) servers to send and receive information.
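As an added illustration (not Trend Micro's code or detection logic), the sketch below correlates constructed Windows Security events for the hidden administrator account and RDP behaviour described in the summary. The registry locations, the simplified event fields, and the 10-minute window are assumptions; the article does not name the key the variant sets.

```python
from datetime import datetime, timedelta

# Assumed standard Windows registry locations; the article does not name the key.
HIDE_KEY = r"\winlogon\specialaccounts\userlist"  # value <user> = 0 hides the account
RDP_KEY = r"\control\terminal server"             # fDenyTSConnections = 0 enables RDP
WINDOW = timedelta(minutes=10)                    # assumed correlation window

# Constructed events, simplified from Windows Security log records: 4720 = account created,
# 4732 = added to local group, 4657 = registry value modified (needs auditing on the key).
REG = "\\REGISTRY\\MACHINE\\"
EVENTS = [
    {"time": "2019-09-03T10:00:05", "host": "WS01", "id": 4720, "user": "svc_help"},
    {"time": "2019-09-03T10:00:06", "host": "WS01", "id": 4732, "user": "svc_help",
     "group": "Administrators"},
    {"time": "2019-09-03T10:00:09", "host": "WS01", "id": 4657, "value": "svc_help", "data": "0",
     "key": REG + r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"},
    {"time": "2019-09-03T10:00:12", "host": "WS01", "id": 4657, "value": "fDenyTSConnections",
     "data": "0", "key": REG + r"SYSTEM\CurrentControlSet\Control\Terminal Server"},
    {"time": "2019-09-03T11:30:00", "host": "WS02", "id": 4720, "user": "jdoe"},  # ordinary user
    {"time": "2019-09-03T12:00:00", "host": "SRV01", "id": 4657, "value": "fDenyTSConnections",
     "data": "0", "key": REG + r"SYSTEM\CurrentControlSet\Control\Terminal Server"},  # no new user
]

def signals_for(created, events, window=WINDOW):
    """Collect follow-on signals on the same host within `window` of an account creation."""
    start, found = datetime.fromisoformat(created["time"]), set()
    for e in events:
        delta = datetime.fromisoformat(e["time"]) - start
        if e["host"] != created["host"] or not timedelta(0) <= delta <= window:
            continue
        if e["id"] == 4732 and e["user"] == created["user"] and e["group"] == "Administrators":
            found.add("added_to_administrators")
        elif e["id"] == 4657 and e["data"] == "0":
            key, value = e["key"].lower(), e["value"].lower()
            if key.endswith(HIDE_KEY) and value == created["user"].lower():
                found.add("hidden_from_logon_screen")
            elif key.endswith(RDP_KEY) and value == "fdenytsconnections":
                found.add("rdp_enabled")
    return found

def find_hidden_admin_accounts(events):
    """Alert when a new account becomes an administrator and is also hidden or paired with RDP."""
    alerts = []
    for created in (e for e in events if e["id"] == 4720):
        found = signals_for(created, events)
        if "added_to_administrators" in found and len(found) >= 2:
            alerts.append({"host": created["host"], "user": created["user"],
                           "signals": sorted(found)})
    return alerts
```

Calling `find_hidden_admin_accounts(EVENTS)` flags only the constructed WS01 account; the ordinary user on WS02 and the standalone RDP change on SRV01 are not reported.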
Behaviors
Steals computer data, such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version
Steals stored account information used in different installed File Transfer Protocol (FTP) clients or file manager software
Steals stored email credentials of different mail clients
Steals user names, passwords, and hostnames from different browsers
Steals bitcoin wallets - Monero and uCoin
Steals Steam and Telegram credentials
Steals Skype chat history and messages
Executes backdoor commands from a remote malicious user to collect host Internet Protocol (IP) information and to download, execute, or delete files
Capabilities
Information Theft
Backdoor commands
Exploits
Download Routine
Impact
Compromise system security - with backdoor capabilities that can execute malicious commands, and downloads and installs additional malware
Violation of user privacy - gathers and steals user credentials of various applications
Anti-spam
Detection/Policy/Rules | Release Date
AS Pattern 4888 | September 4, 2019

Web Reputation
Detection/Policy/Rules | Release Date
URL Protection | In the Cloud

ATSE
Pattern Version | Release Date
15.343.00 | September 3, 2019

Predictive Machine Learning
Detection | Release Date
Troj.Win32.TRX.XXPE50FFF031 | In the Cloud

File Detection (VSAPI)
Detection | Release Date
ENT OPR 15.343.00 | September 3, 2019

Network Pattern
Detection | Release Date
NCCP 1.13747.00 | July 12, 2019
NCIP 1.13817.00 | July 12, 2019
Solution Map – What should customers do?
Trend Micro Solution
Major Product
Latest Version
Virus Pattern
Anti-Spam Pattern
Network Pattern
Predictive Machine Learning
Web Reputation
Endpoint Security
Apex One
2019
Update pattern via web console
Not Applicable
Update pattern via web console
Not Applicable
Enable Web Reputation Service and update pattern via web console
OfficeScan
XG (12.0)
Not Applicable
Worry-Free Business Security
Standard (10.0)
Advanced (10.0)
Update pattern via web console
Hybrid Cloud Security
Deep Security
12.0
Update pattern via web console
Not Applicable
Update pattern via web console
Not Applicable
Enable Web Reputation Service and update pattern via web console
Email and Gateway Security
Deep Discovery Email Inspector
3.5
Update pattern via web console
Update pattern via web console
Update pattern via web console
Not Applicable
Enable Web Reputation Service and update pattern via web console
InterScan Messaging Security
9.1
Not Applicable
InterScan Web Security
6.5
ScanMail for Microsoft Exchange
14.0
Network Security
Deep Discovery Inspector
5.5
Update pattern via web console
Not Applicable
Update pattern via web console
Not Applicable
Enable Web Reputation Service and update pattern via web console
Recommendation
Make sure to always use the latest pattern available to detect the old and new variants of AZORULT malware.