Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 4185

Azorult 3.3 & Cracked (PERSONAL USE ONLY)

by agcash6 - 25 November, 2019 - 05:56 AM
This post is by a banned member (agcash6) - Unhide
agcash6  
Supreme
50
Posts
20
Threads
5 Years of service
#1
(This post was last modified: 30 November, 2019 - 04:10 AM by agcash6. Edit Reason: updated download link )
Azorult 3.3 & Cracked (PERSONAL USE ONLY)

Azorult v3.3



The above states the following improvements and features:

[+] Added support for stealing the following wallet credentials: BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore, Exodus Eden

[+] Cryptocurrency wallet’s stealer component has been improved.

[+] The loader component was fixed and improved, allowing bat files to be loaded and executed with no errors

[+] Lowered AV detection rate, increased successful installation rate

[+] Slight improvement in admin panel’s performance



Comparison to previous versions

In version 3.2, the C&C domain name was xored with a hardcoded key and then encoded with base64. The current version 3.3 shows a new encryption method to obfuscate the domain name. The script for decryption of the domain’s string can be found in the Appendix below.
Every version of Azorult has a unique xor key for its connection method to the C&C. In version 3.3 the connection key is: [0x3, 0x55, 0xae]. Moreover, every version connection message contains a prefix (‘getcfg=’ in version 3.1 and ‘G’ in version 3.2) prepended to the id hash before xoring with the connection key. The prefix in version 3.3 is the connection key, which makes the connection message sent to C&C starts with 3 zero bytes.

Figure 2: adding connection key as prefix.

Azorult’s C&C server response is divided into 3 parts separated by tags:

<c></c> – the configuration part, encoded with base64

<n></n> – DLLs that Azorult copies to a new directory it creates under the %TEMP% folder. The name of the new directory is unique for every version of Azorult (‘1M0’ in version 3.1 and ‘2fda’ in version 3.2). In the new version, the name of the directory is generated based on the id hash of the victim’s computer. Therefore, the name of the directory will be different for every victim.

The algorithm for generating the directory name is as follows:

Id_hash=hash_func(guid)-hash_func(product_name)-hash_func(user_name)- hash_func(computer_name)-hash_func(guid+product_name+user_name+computer_name)

Directory_name = hash_func(hash_func(Id_hash))

The particular implementation of the hash_func method is outlined in a script, which appears in the Appendix below.

<d></d> – names of application paths that Azorult harvests data from. In version 3.3,



DOWNLOAD
Hidden Content
You must register or login to view this content.


Password
Hidden Content
You must register or login to view this content.



Please leave feedback
IF determined anything posted used for malicious purposes, all threads will be deleted and future ones stop.
[Image: 68747470733a2f2f692e696d6775722e636f6d2f...676966.gif]
This post is by a banned member (Realgoat) - Unhide
This post is by a banned member (Digitalix) - Unhide
Digitalix  
Registered
32
Posts
0
Threads
5 Years of service
#3
[font][font]Thanks bro ![/font][/font]
This post is by a banned member (mawikuhar) - Unhide
This post is by a banned member (aditya502) - Unhide
aditya502  
Registered
23
Posts
0
Threads
5 Years of service
#5
I THINK I CAN DO WITH LOT MORE WITH IT
This post is by a banned member (HAP) - Unhide
HAP  
Registered
79
Posts
11
Threads
5 Years of service
#6
Nice share! Let's try this tool.
 
This post is by a banned member (cracked_new) - Unhide
10
Posts
0
Threads
5 Years of service
#7
dead link
This post is by a banned member (agcash6) - Unhide
agcash6  
Supreme
50
Posts
20
Threads
5 Years of service
#8
(30 November, 2019 - 01:05 AM)cracked_new Wrote: Show More
dead link

It's been updated and working again.
[Image: 68747470733a2f2f692e696d6775722e636f6d2f...676966.gif]

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 3 Guest(s)