General
Target: f313bf5d9b50d94ccfe4d22a0d1561e9d2b8cb525752ce15aaa7b53ca1d05f04.exe
Size: 780KB
Sample: 221216-xjhpcafc93
MD5: 35c4199af620e774fc51228a61c3b226
SHA1: 1afb7f9a834b62133c46da273b788b941cc58533
SHA256: f313bf5d9b50d94ccfe4d22a0d1561e9d2b8cb525752ce15aaa7b53ca1d05f04
SHA512: 8e9e8923442d4d2c3d9b99cdbafd12159cf08c1a6c63a774157eef03f4c606064e46caafcf534f812583618dd8c298e9933af9248176b0cb7963d4229284beba
SSDEEP: 3072:eahKyd2n31yS5LvfiP1yaX3KmC5wBCgBCwfjL1c1pcSsP1XBRWf9:eahOcnHn9BF//1cUJ
Static task: static1
Behavioral task: behavioral1
Sample: f313bf5d9b50d94ccfe4d22a0d1561e9d2b8cb525752ce15aaa7b53ca1d05f04.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: f313bf5d9b50d94ccfe4d22a0d1561e9d2b8cb525752ce15aaa7b53ca1d05f04.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Family: aurora
C2: 79.137.206.138:8081
Targets
Target: f313bf5d9b50d94ccfe4d22a0d1561e9d2b8cb525752ce15aaa7b53ca1d05f04.exe
Size: 780KB
Hashes: identical to those listed under General above (MD5, SHA1, SHA256, SHA512, SSDEEP).
Score: 10/10
Signatures:
- Executes dropped EXE: the sample writes an executable to disk and runs it.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence; a common stealer behaviour is to exit when the configured country is on an exclusion list.
- Accesses cryptocurrency files/wallets: possible credential harvesting, consistent with stealer functionality.
- Adds Run key to start application: persistence through a Run registry value, so the program is started again at logon.
- Suspicious use of SetThreadContext: rewriting a thread's execution context, commonly seen in process hollowing or other injection into another process.
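The hashes and the extracted C2 address above can be turned directly into a check. The following Python script is an added example, not part of the sandbox report and not code from the Aurora sample: it verifies that the report's digests are intact (a truncated copy-paste is the usual failure), parses the host:port C2 string, compares a candidate file's bytes against all four digests, and scans a connection log for the exact C2 endpoint. The log format (`ts pid=... image=... dst=host:port`), the timestamps, PIDs and paths, including the name `dropped.exe`, are constructed for the example; only the hashes and 79.137.206.138:8081 come from the report. The same host on another port is deliberately not matched, because only that one endpoint is attested by the config.

```python
"""IOC checks built from the sandbox report above (added example, not report output)."""
import hashlib
import ipaddress
import re

# Copied from the report; nothing else in this file comes from the sample.
REPORT_HASHES = {
    "md5": "35c4199af620e774fc51228a61c3b226",
    "sha1": "1afb7f9a834b62133c46da273b788b941cc58533",
    "sha256": "f313bf5d9b50d94ccfe4d22a0d1561e9d2b8cb525752ce15aaa7b53ca1d05f04",
    "sha512": (
        "8e9e8923442d4d2c3d9b99cdbafd12159cf08c1a6c63a774157eef03f4c60606"
        "4e46caafcf534f812583618dd8c298e9933af9248176b0cb7963d4229284beba"
    ),
}
REPORT_C2 = "79.137.206.138:8081"

# Expected hex-digest lengths; a truncated or mangled IOC fails this check.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")


def validate_report_hashes(hashes=REPORT_HASHES) -> bool:
    """True when every digest is lowercase hex of the correct length for its algorithm."""
    return all(
        len(value) == DIGEST_HEX_LEN[name] and HEX_RE.match(value) is not None
        for name, value in hashes.items()
    )


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the config's 'host:port' string; rejects missing ports, bad ports and non-IP hosts."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError for anything that is not an IP literal
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range in {c2!r}")
    return host, port_num


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists so they can be compared one by one."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> dict[str, bool]:
    """Per-algorithm match of a candidate file's bytes against the report's digests."""
    computed = hash_bytes(data)
    return {name: computed[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


# Constructed connection log in an assumed 'ts pid=.. image=.. dst=..' format (not sandbox output).
SAMPLE_NETLOG = r"""
2022-12-16T10:12:01Z pid=1532 image=C:\Users\user\Desktop\f313bf5d9b50d94ccfe4d22a0d1561e9d2b8cb525752ce15aaa7b53ca1d05f04.exe dst=79.137.206.138:8081
2022-12-16T10:12:02Z pid=880 image=C:\Windows\System32\svchost.exe dst=13.107.4.50:80
2022-12-16T10:12:05Z pid=2044 image=C:\Users\user\AppData\Local\Temp\dropped.exe dst=79.137.206.138:8081
2022-12-16T10:12:06Z pid=880 image=C:\Windows\System32\svchost.exe dst=79.137.206.138:443
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) dst=(?P<dst>\S+)$")


def find_c2_connections(log_text: str, c2: str = REPORT_C2) -> list[tuple[int, str]]:
    """Return (pid, image) for every line whose destination equals the C2 host:port exactly."""
    host, port = parse_c2(c2)
    target = f"{host}:{port}"
    hits = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable line: skip rather than guess
        if m["dst"] == target:  # same host on another port is not a match
            hits.append((int(m["pid"]), m["image"]))
    return hits


if __name__ == "__main__":
    print("report digests well-formed:", validate_report_hashes())
    print("C2 endpoint:", parse_c2(REPORT_C2))
    print("stand-in buffer matches:", matches_report(b"not the real sample"))
    for pid, image in find_c2_connections(SAMPLE_NETLOG):
        print(f"C2 contact by pid {pid}: {image}")
```

To check a real file, read it in binary mode and pass the bytes to `matches_report`; a partial match across algorithms (for example SHA256 differing while MD5 agrees) would indicate a corrupted IOC, not a near-miss sample, since the digests are independent.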