General

  • Target: 19ff750819058dbeb6888e6ad508f181c9e7aa97bd0f40b7f9784f464dd8722c
  • Size: 960KB
  • Sample: 221231-w5qfmsac24
  • MD5: fb2021ecab72d6199c4125078070e0b9
  • SHA1: 26f496166498db29ef8981057b6cc82a5677e4cc
  • SHA256: 19ff750819058dbeb6888e6ad508f181c9e7aa97bd0f40b7f9784f464dd8722c
  • SHA512: a49637cb25d394a119b3dc7ffa77211f6f3cce3d1b304edcbfac2b8c676854d61f632bc805e4b36cfddf30f4a77398511672917169f5e7ee44c35c67803ddf48
  • SSDEEP: 24576:NnFQdf8EHkhwBC4Z8LIzGz69aFnnLQlsgFAPy9r8vHKmOn4:Nnat6ksvBnLmAq9r8vHKK

Malware Config

Extracted

  • Family: aurora
  • C2: 45.15.156.97:8081

Targets


    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
