DUBAI, DUBAI, UNITED ARAB EMIRATES, September 4, 2024 /EINPresswire.com/ -- ANY.RUN, a leading provider of interactive malware analysis solutions, presents an insightful guest post by malware reverse engineer and threat intelligence analyst, Mostafa ElSheimy. In this comprehensive analysis, Mostafa examines the main functionalities of AZORult, a sophisticated credential and payment card information stealer.

Comprehensive Breakdown of AZORult's Evolution and Behavior

ElSheimy traces the evolution of AZORult from its early versions written in Delphi, through its rewrite in C++, to the later addition of support for .bit (Namecoin) domains.

The key findings include:

• Execution of hidden PowerShell commands: AZORult runs malicious commands through hidden PowerShell invocations, so its activity is less likely to be noticed on the host.

• Registry manipulation: AZORult modifies and deletes Windows registry keys to maintain persistence on the infected system.

• File dropping: The malware drops and runs additional payloads, such as Declinometer235.exe, extending its capabilities and deepening the compromise of the host.

• Anti-debugging techniques: It uses timing checks built on GetTickCount to detect whether it is being debugged or run in a virtualized analysis environment, where execution is slowed or time is manipulated, and uses the result to avoid analysis and detection.
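The GetTickCount timing check named above, written out as an added example for this page. This is not code from the ANY.RUN post or from the AZORult sample; the 500 ms threshold, the function names and the size of the timed loop are assumptions chosen for illustration. On Windows it calls the real GetTickCount(); on other systems a stand-in built on clock_gettime is assumed so the decision logic can be compiled and run for study. The same comparison flags a debugger (breakpoints or single-stepping inflate the elapsed time) and a slowed or time-manipulated sandbox.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
/* On Windows, use the real API the malware calls. */
static uint32_t tick_ms(void) { return (uint32_t)GetTickCount(); }
#else
#include <time.h>
/* Assumed stand-in for GetTickCount() on non-Windows hosts: milliseconds
 * from a monotonic clock, truncated to 32 bits like the real API. */
static uint32_t tick_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint32_t)((uint64_t)ts.tv_sec * 1000u + (uint64_t)ts.tv_nsec / 1000000u);
}
#endif

/* Decision logic: if more than threshold_ms ticks elapsed across a block of
 * work that should take microseconds, assume a debugger (breakpoints or
 * single-stepping) or a slowed-down analysis environment. Unsigned
 * subtraction keeps the comparison correct across the 32-bit wrap at ~49.7 days. */
int timing_anomaly(uint32_t before, uint32_t after, uint32_t threshold_ms) {
    uint32_t elapsed = after - before;
    return elapsed > threshold_ms;
}

/* Cheap arithmetic the check is timed around; the volatile sink stops the
 * compiler from optimising the loop away. */
static volatile uint32_t sink;
static void probe_work(void) {
    uint32_t x = 0x12345678u;
    for (int i = 0; i < 100000; i++)
        x = x * 1103515245u + 12345u;   /* LCG step; the value itself is unused */
    sink = x;
}

/* The check as a sample would run it: sample the clock, do the work, sample
 * again, compare. Returns 1 when the environment looks debugged or slowed. */
int debugger_suspected(uint32_t threshold_ms) {
    uint32_t t0 = tick_ms();
    probe_work();
    uint32_t t1 = tick_ms();
    return timing_anomaly(t0, t1, threshold_ms);
}

int main(void) {
    /* 500 ms is an assumed threshold, not one taken from the AZORult sample. */
    printf("timing anomaly: %s\n", debugger_suspected(500) ? "yes" : "no");
    return 0;
}
```

When stepping through such a sample, set a breakpoint after the second clock read and let the timed region run at full speed, or patch the comparison; sandboxes that hook GetTickCount to return consistent, unaccelerated values defeat the check in the same way.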

Why This Matters for Cybersecurity Professionals

For defenders, the report is a practical guide to AZORult's techniques and a basis for building detections and countermeasures against this class of information stealer.

