AZORULT Malware Information

    • Updated: 9 Sep 2019
    • Product/Version: Apex One, Deep Discovery Email Inspector, Deep Discovery Inspector, Deep Security, InterScan Messaging Security Suite, Interscan Web Security Virtual Appliance, OfficeScan, ScanMail for Exchange, Worry-Free Business Security Advanced
    • Operating System: N/A
Summary

AZORULT, first discovered in 2016, is an information stealer that steals browsing history, cookies, IDs and passwords, cryptocurrency information and more. It can also act as a downloader for other malware. It was sold on Russian underground forums as a tool for collecting various types of sensitive information from an infected computer. One variant was able to create a new, hidden administrator account on the machine and set a registry key to establish a Remote Desktop Protocol (RDP) connection.

Exploit kits such as the Fallout Exploit Kit (EK) and phishing emails that use social engineering are now the major infection vectors of AZORult. Other malware families such as Ramnit and Emotet also download AZORult. Current malspam and phishing emails use fake product order requests, invoice documents and payment information requests as lures. This Trojan-spyware connects to the attacker's command and control (C&C) servers to send and receive information.
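As an added host-triage example (not part of this advisory or of any Trend Micro product), the following PowerShell script checks a Windows host for the two changes attributed above to the RDP-enabling variant: an account hidden from the logon screen that sits in the local Administrators group, and RDP enabled through the registry. The registry locations are assumptions, since the advisory names neither: fDenyTSConnections under the Terminal Server key (0 allows RDP) and the Winlogon SpecialAccounts\UserList values that hide account names; Security events 4720 and 4732 are the standard Windows audit events for account creation and local group membership changes.

```powershell
# Added triage script (not Trend Micro's code). Run in an elevated PowerShell session.
# Assumed locations: the advisory does not name the registry key the variant sets.
$rdpKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$hiddenKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$lookback  = (Get-Date).AddDays(-7)          # window for the event-log correlation
$findings  = New-Object System.Collections.Generic.List[string]

# 1. Is RDP reachable? fDenyTSConnections = 0 means incoming connections are allowed.
$deny = (Get-ItemProperty -Path $rdpKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
if ($deny -eq 0) { $findings.Add("RDP enabled: fDenyTSConnections = 0 under $rdpKey") }

# 2. Accounts suppressed from the logon screen (a DWORD 0 under UserList hides that name).
if (Test-Path $hiddenKey) {
    $list = Get-Item $hiddenKey
    foreach ($name in $list.Property) {
        if ($list.GetValue($name) -eq 0) { $findings.Add("Account hidden from logon screen: $name") }
    }
}

# 3. Local (non-domain) users in Administrators; compare against your known baseline.
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
          Where-Object { $_.ObjectClass -eq 'User' -and $_.PrincipalSource -eq 'Local' }
foreach ($a in $admins) {
    $user = Get-LocalUser -Name ($a.Name.Split('\')[-1]) -ErrorAction SilentlyContinue
    if ($user) {
        $findings.Add(("Local admin: {0} (enabled={1}, password last set {2})" -f $user.Name, $user.Enabled, $user.PasswordLastSet))
    }
}

# 4. Security log: 4720 = user account created, 4732 = member added to a local group.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $lookback } -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $findings.Add(("{0:u} EventID {1}: {2}" -f $e.TimeCreated, $e.Id, ($e.Message -split "`r?`n")[0]))
}

if ($findings.Count -eq 0) { 'No indicators of the described variant found on this host.' }
else { $findings }
```

A hit on any single check is not proof of infection; treat the output as leads to confirm against the host's change history and the pattern-based detections listed below.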

Behaviors

  • Steals computer data such as installed programs, machine globally unique identifier (GUID), system architecture, system language, user name, computer name, and operating system (OS) version
  • Steals stored account information used by installed File Transfer Protocol (FTP) clients and file manager software
  • Steals stored email credentials of various mail clients
  • Steals user names, passwords, and hostnames from various browsers
  • Steals bitcoin wallets (Monero and uCoin)
  • Steals Steam and Telegram credentials
  • Steals Skype chat history and messages
  • Executes backdoor commands from a remote malicious user to collect host Internet Protocol (IP) information and to download, execute, or delete files

Capabilities

  • Information Theft
  • Backdoor commands
  • Exploits
  • Download Routine

Impact

  • Compromises system security - its backdoor capabilities can execute malicious commands and download and install additional malware
  • Violates user privacy - gathers and steals user credentials for various applications

Infection Chain

Sample Spam - Shipping Inquiry Spam

Detection Coverage

Anti-spam

Detection/Policy/Rules    Release Date
AS Pattern 4888           September 4, 2019

Web Reputation

Detection/Policy/Rules    Release Date
URL Protection            In the Cloud

ATSE

Pattern Version           Release Date
15.343.00                 September 3, 2019

Predictive Machine Learning

Detection                         Release Date
Troj.Win32.TRX.XXPE50FFF031       In the Cloud

File Detection (VSAPI)

Detection                 Release Date
ENT OPR 15.343.00         September 3, 2019

Network Pattern

Detection                 Release Date
NCCP 1.13747.00           July 12, 2019
NCIP 1.13817.00           July 12, 2019

Solution Map – What should customers do?

Legend: Update = update pattern via web console; N/A = not applicable; Enable WRS = enable Web Reputation Service and update pattern via web console.

Trend Micro Solution        Major Product                    Latest Version                     Virus Pattern  Anti-Spam Pattern  Network Pattern  Predictive Machine Learning  Web Reputation
Endpoint Security           Apex One                         2019                               Update         N/A                Update           N/A                          Enable WRS
Endpoint Security           OfficeScan                       XG (12.0)                          Update         N/A                Update           N/A                          Enable WRS
Endpoint Security           Worry-Free Business Security     Standard (10.0), Advanced (10.0)   Update         Update             Update           N/A                          Enable WRS
Hybrid Cloud Security       Deep Security                    12.0                               Update         N/A                Update           N/A                          Enable WRS
Email and Gateway Security  Deep Discovery Email Inspector   3.5                                Update         Update             Update           N/A                          Enable WRS
Email and Gateway Security  InterScan Messaging Security     9.1                                Update         Update             N/A              N/A                          Enable WRS
Email and Gateway Security  InterScan Web Security           6.5                                Update         Update             N/A              N/A                          Enable WRS
Email and Gateway Security  ScanMail for Microsoft Exchange  14.0                               Update         Update             N/A              N/A                          Enable WRS
Network Security            Deep Discovery Inspector         5.5                                Update         N/A                Update           N/A                          Enable WRS

Recommendation

Make sure to always use the latest pattern available to detect the old and new variants of AZORULT malware.

Category: Remove a Malware / Virus
Solution ID: 000146108