What is Azorult Stealer 3.4?
Azorult (also known as AZORult) is a notorious information-stealing malware first detected in 2016. The 3.4 version is an upgraded variant with enhanced evasion and data theft capabilities.Primary Functions:
- Steals browser passwords, cookies, and autofill data.
- Harvests cryptocurrency wallets & credit card details.
- Logs keystrokes (keylogging) and screenshots.
- Acts as a backdoor for additional payloads (e.g., ransomware).
Key Features of Azorult Stealer 3.4
1. Data Theft Capabilities
- Browser Data Extraction:
- Targets Chrome, Firefox, Edge, Opera (passwords, cookies, history).
- Grabs session tokens for account hijacking.
- Cryptocurrency Theft:
- Scans for wallet.dat (Bitcoin, Ethereum, Exodus, etc.).
- Steals MetaMask & other browser-based crypto extensions.
- System Information Harvesting:
- Collects PC username, OS version, hardware specs.
- Logs network data (IP, DNS, Wi-Fi passwords).
2. Evasion & Persistence Mechanisms
- Process Injection: Hides in legitimate processes (explorer.exe, svchost.exe).
- Anti-VM & Sandbox Detection: Checks for virtual environments to avoid analysis.
- Persistence via Registry & Startup: Ensures it runs after reboot.
3. C2 (Command & Control) Communication
- Encrypted C2 Servers: Uses Tor or Telegram bots for stealthy data exfiltration.
- Dynamic Payload Updates: Downloads additional malware if needed.
4. Distribution Methods
- Phishing Emails: Fake invoices, job offers, or software cracks.
- Malicious Ads & Fake Downloads: Bundled with pirated software/games.
- Exploit Kits: Delivered via compromised websites.
