General

  • Target: myphotos_12-reducedSize.exe
  • Size: 5.2MB
  • Sample: 221230-yjjr3sbf7t
  • MD5: 998e7843ec353d65c1bf369c9365d35a
  • SHA1: 336bf70bc8b47cd23cd21e507850f857a55a74ac
  • SHA256: a4560d46d9b0cafa629c19d9205adb72d0f4c72ebbe242926a6a42559712f1b1
  • SHA512: b291c7adab207b0a6885bd2fc4dcaf4061e0ebb1e2d569ca607652b7fa4b552dc9e8ca84fbb92f0a799e6c0e271e4136482ffaed2922fd141e27e80a95b338e4
  • SSDEEP: 98304:LbqgKDxqPbenHTpM5nQeKMYHU8o74aqF:LCDxqKMdpKV0R4a

Score: 10/10

Malware Config

Extracted

  • Family: aurora
  • C2: 45.138.74.160:8081

Targets

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks