A dive into Azorult

A quick dive into a misconfigured Azorult environment.

Azorult how-to guide leaked

One of the sites hijacked by Azorult threat actors has left the documents in the clear on the site. I took that moment and downloaded the ‘Azorult’ installation guide from the compromised site.

Compromised site hosting the Azorult installation guide

Download the azorult how to guide

Azorult Top level domains

The guide lists the top-level domains (TLDs) it recommends using:

  • .bit
  • .ug
  • .net
  • .org

Screenshot of the recommended TLDs in the Azorult guide

Loader configuration

Screenshot of the loader configuration

IOC

  • http://vietmustpay[.]ga/azo/azorult/
  • http://vietmustpay[.]ga/azo/azorult/Example_setting.jpg
  • http://vietmustpay[.]ga/azo/azorult/PL341/panel/admin.php
  • http://vietmustpay[.]ga/azo/azorult/Manual_AZORult.txt
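
One way to hunt for these indicators in web proxy logs, as an added example that is not part of the original post. The log format, the sample lines and the choice to treat only `.bit` and `.ug` as a weak signal (`.net` and `.org` are too common to alert on) are assumptions of this example.

```python
from urllib.parse import urlsplit

# IOC URLs copied from the list above, kept in their published defanged form.
IOCS = [
    "http://vietmustpay[.]ga/azo/azorult/",
    "http://vietmustpay[.]ga/azo/azorult/Example_setting.jpg",
    "http://vietmustpay[.]ga/azo/azorult/PL341/panel/admin.php",
    "http://vietmustpay[.]ga/azo/azorult/Manual_AZORult.txt",
]
# Rarer TLDs from the guide's recommended list (assumption: weak signal only).
WEAK_TLDS = (".bit", ".ug")

def refang(url):
    """Turn a defanged indicator back into a parseable URL."""
    return url.replace("[.]", ".").replace("hxxp", "http")

def split_url(url):
    """Return (host, path), lower-cased and without trailing slash or dot."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").rstrip(".")
    return host, parts.path.rstrip("/").lower()

def classify(url, iocs=IOCS):
    """Return 'ioc-url', 'ioc-host', 'weak-tld' or None for one requested URL."""
    known = {split_url(i) for i in iocs}
    host, path = split_url(url)
    if (host, path) in known:
        return "ioc-url"        # exact indicator: highest confidence
    if host in {h for h, _ in known}:
        return "ioc-host"       # same host, different path: still worth triage
    if host.endswith(WEAK_TLDS):
        return "weak-tld"       # enrichment only, not an alert by itself
    return None

# Constructed proxy log lines: "<timestamp> <client-ip> <method> <url>"
SAMPLE_LOG = """\
2000-01-01T10:00:01Z 10.0.0.5 GET http://vietmustpay.ga/azo/azorult/PL341/panel/admin.php
2000-01-01T10:00:02Z 10.0.0.7 POST http://VietMustPay.ga/other/index.php
2000-01-01T10:00:03Z 10.0.0.9 GET http://example.org/index.html
2000-01-01T10:00:04Z 10.0.0.9 GET http://host.example.ug/index.php
"""

def scan(log_text):
    """Return (client_ip, verdict, url) for every log line that matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and (verdict := classify(fields[3])):
            hits.append((fields[1], verdict, fields[3]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```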
