General

  • Target

    Photoshop.zip

  • Size

    101.6MB

  • Sample

    221216-zbkvvaad9t

  • MD5

    9a96e9b2c50e12fd1308ae07f00faa29

  • SHA1

    780cfe3e6fe9e6d59ca927e6c1bb0ef59bf8167f

  • SHA256

    d535e91ce4bbe8eb0e8d79530176ac15eef19ca5a59523402c9bbcf0e093183f

  • SHA512

    b9b9252f87ed2d4f97e5d58b779f9ebb23443ec111bcfb6b340062b6bc70d67911758378cb561ebeeb060e87bddefc4e3074b822a23a69ec02d7dc90de0e01ce

  • SSDEEP

    3145728:wTUGprKW6758KyyEUXjD72oyUWS3T/E3cu2tadV:wTUG8W6KKjj9uM/aN2YdV

Malware Config

Extracted

  • Family

    aurora

  • C2

    82.115.223.218:8081

Targets

    • Target

      Photoshop.exe

    • Size

      850.0MB

    • MD5

      d6064e38def47073a9d2b36e18b8ebb4

    • SHA1

      8e5a9616af1b2207e48f7ab1516391a30f44e92d

    • SHA256

      9fb3060e108c108f63cbb8aeca844085477d8b45646e7f1945fd01a1ba46dcd7

    • SHA512

      4e1dede5cd7300b481452d6a5bd6ef360578f5edc4195a1634bd9bc91c9b5d9fd9160e1c610b86f516801c750369f7c2abeac3e821cecee6aa2f7b805b96eb6b

    • SSDEEP

      24576:RSAWWeqz8NIJ7cXqzKJF/DuPB+VlSAWWeqz8NIJ7cXqzKJF/DuPB+V:RxeK8XBDuPwTxeK8XBDuPw

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks