STOP Ransomware Now Dropping AZORult Trojan via 5.exe File

The STOP ransomware family has been circling the web for a few months now, successfully infecting victims and encrypting their files. In addition to the encryption capabilities, the ransomware is now able to install a particular password stealing Trojan known as Azorult (AZORult).

The Trojan is designed to steal various types of data, including account credentials, desktop files, cryptocurrency wallets, browser history and Skype message history. Once harvested, the victim’s data is uploaded to a remote server.

More about AZORult

AZORult is an information stealer and downloader designed to harvest sensitive details from the systems it compromises. The malware was first identified in 2016, when it was distributed as part of an infection with the Chthonic banking Trojan.


AZORult allows attackers to steal many kinds of sensitive data from a compromised PC. Initially, AZORult relied on another piece of malware to install and run it. In 2018, however, researchers spotted a shift in its distribution techniques.

They identified numerous spam email campaigns with attached RTF documents designed to exploit known vulnerabilities and deliver the spyware. Since then, AZORult has been detected in various malspam attacks, with the latest campaign being associated with the STOP ransomware family.

STOP ransomware is downloading and executing 5.exe

According to security researcher Michael Gillespie, one of the files downloaded by the ransomware generated traffic associated with AZORult. Further analysis indicated that the .promorad variant of STOP ransomware also downloads and executes a file named 5.exe. Upon execution, this file generates network traffic very similar to the command-and-control communications of the AZORult stealer.

Furthermore, VirusTotal analysis of the 5.exe file shows that 56 security engines flag it as malicious, with Trojan-like behavior.

What does all of this mean to STOP ransomware victims?

All victims of the STOP ransomware family are urged to change the passwords of all their accounts. Particular attention should be paid to credentials saved in the browser, as well as Skype, Steam, Telegram and FTP client accounts. In short, if you have been infected by this ransomware family, you should change the passwords of every account you actively use, since the stealer may already have exfiltrated them.

Here are the latest iterations of STOP ransomware which are currently active in the wild:

Milena Dimitrova
