General

  • Target: Google Maps.zip

  • Size: 2.8MB

  • Sample: 221228-s6rtbaag46

  • MD5: fddd90a47c4a4b6d9700421dae264ed3

  • SHA1: fe596b637f78d75caf3723384c270c878d7f8698

  • SHA256: 1eae48337bc7564fc84e01ebbf6fb5b748fa79a29062f702f626563c2d6c789e

  • SHA512: b4a9f8a838eb7b32ec9230e277b330aa987564d2a7303bac13d93097b93e7b8760dcf5d8ef57d54f87e69925e788b26adf7c4f7b8fc20476ee1e72937be9a5bf

  • SSDEEP: 49152:JQudAfE/GN3bCEVX/47gbaqIIWhAEyqlf2JrbOGXkiNTi:b/GB/ot9jhAEymiaGXkiNTi

Malware Config

Extracted

  • Family: aurora

  • C2: 45.138.74.160:8081

Targets

    • Target: Google Maps.com

    • Size: 941.3MB

    • MD5: 875e34da7d4eaf4b93276025f840780c

    • SHA1: 7d04d7dd3d12865b7045dc291c1e57b03e36a176

    • SHA256: 79845c48612bcbf72ecd6bd29762c9c76772c619df8e5850b0e7e5d4bb2629de

    • SHA512: 3a4b9f6f241b9d17e96194e0b6070de8708c461f110b9a8412b1026cdca2bd8e0622290aa3ceb7eee10230ad8c663953c64f94243b0fffe8883ccee9a8ee8661

    • SSDEEP: 24576:Z2SoIENPiHQkXXXGGupmrYR6UMSrtynq99sg2TDNfnGjpuGX80:sIErSWyq9R23euGX80

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
