
Cybercrime, the Azorult campaign also arrives in Italy

Technical analysis by the Malware Hunter JAMESWT

Azorult’s global campaign also arrives in Italy. The decoy is a fake order from a Taiwanese company. The xls attachment, if opened, contacts a link that redirects the victim to a malicious site, which downloads the malware

Azorult’s global campaign also arrives in Italy. In the past few hours, fake emails purporting to come from a real Shanghai company, and referring to an alleged order of products, have been circulating. The xls attachment of the message, if opened, contacts a link that redirects the user to a malicious site from which the malware is downloaded. The targets appear to be companies. Azorult is an information stealer that steals browser history, cookies, IDs and passwords, cryptocurrency and other information. It can also act as a downloader for other malicious payloads. One variant, moreover, is able to create a new hidden administrator account on the infected computer, so that it can set the registry keys needed to create a Remote Desktop Protocol (RDP) connection.
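For defenders, the behaviour attributed to that variant (new account, administrator rights, RDP switched on) can be hunted as a short sequence on a single host. The sketch below is an added example, not part of the original analysis: the article does not name the registry keys involved, so the code assumes the standard Windows settings (`fDenyTSConnections`, `SpecialAccounts\UserList`) and standard telemetry (Security events 4720 and 4732, Sysmon event 13), and every host name, account name and timestamp in it is constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment
RDP_KEY = r"\control\terminal server\fdenytsconnections"   # 0 = RDP allowed
HIDE_KEY = r"\winlogon\specialaccounts\userlist" + "\\"    # 0 = hidden at logon

# Constructed sample events (not from the article): Security 4720/4732, Sysmon 13.
EVENTS = [
    {"ts": "2020-01-01T10:00:05", "host": "PC-01", "id": 4720, "user": "svc_upd"},
    {"ts": "2020-01-01T10:00:06", "host": "PC-01", "id": 4732, "user": "svc_upd",
     "group": "Administrators"},
    {"ts": "2020-01-01T10:00:08", "host": "PC-01", "id": 13,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\svc_upd",
     "value": "DWORD (0x00000000)"},
    {"ts": "2020-01-01T10:00:09", "host": "PC-01", "id": 13,
     "key": r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections",
     "value": "DWORD (0x00000000)"},
    {"ts": "2020-01-01T11:30:00", "host": "PC-02", "id": 4720, "user": "new.hire"},
]

def classify(ev):
    """Map one event to a behaviour tag, or None if it is not relevant."""
    key = ev.get("key", "").lower()
    zero = ev.get("value", "").endswith("(0x00000000)")
    if ev["id"] == 4720:
        return "account_created"
    if ev["id"] == 4732 and ev.get("group") == "Administrators":
        return "added_to_admins"
    if ev["id"] == 13 and zero and HIDE_KEY in key:
        return "account_hidden"
    if ev["id"] == 13 and zero and key.endswith(RDP_KEY):
        return "rdp_enabled"
    return None

def find_hidden_admin_rdp(events, window=WINDOW):
    """Alert per host when account creation, admin grant and RDP enable fall in one window."""
    by_host, alerts = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        tag = classify(ev)
        if tag:
            by_host.setdefault(ev["host"], []).append((datetime.fromisoformat(ev["ts"]), tag))
    for host, seen in by_host.items():
        for start, tag in seen:
            if tag != "account_created":
                continue
            tags = {t for ts, t in seen if start <= ts <= start + window}
            if {"added_to_admins", "rdp_enabled"} <= tags:
                alerts.append({"host": host, "start": start.isoformat(), "behaviours": sorted(tags)})
    return alerts
```

An isolated account creation, as on the constructed host PC-02, does not alert; only the combined sequence does.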

The fake email

The xls attachment

The link redirection

IOCS
