Resubmissions
04/01/2023, 10:05
Analysis 230104-l4s52aad8t    Score: 10/10

General

Target: c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796
Size: 8.1MB
Sample: 230104-l4s52aad8t
MD5: f3c6b4f884ee17e21c51bcca7cbda178
SHA1: 84721c29f3cc593653855d00ad8e0868d0f80d8d
SHA256: c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796
SHA512: 22a3fad531dc2cf8293bb9b6e5a6f4e804756769d30db655aef6b9dcaf415aeaea93083a2df90dbb13ecd2a60e7eec9860c3abb247ed521a175372086e8b1336
SSDEEP: 196608:DtENXW++mzrvmqFsuHVioV8m2oUqLbI/qXx2nVJ1G:DWlW3mzrvPF11r12oUqLOqXx2s

Tasks

Static task static1
Behavioral task behavioral1: sample c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796.zip, resource win7-20221111-en
Behavioral task behavioral2: sample c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796.zip, resource win10v2004-20221111-en
Behavioral task behavioral3: sample x32_x64_app_setup/x32_x64_app_setup.exe, resource win7-20221111-en
Behavioral task behavioral4: sample x32_x64_app_setup/x32_x64_app_setup.exe, resource win10v2004-20220901-en

Malware Config

Extracted: aurora
C2: 79.137.206.138:8081
Targets

Target: c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796 (the submitted archive)
Size: 8.1MB
MD5: f3c6b4f884ee17e21c51bcca7cbda178
SHA1: 84721c29f3cc593653855d00ad8e0868d0f80d8d
SHA256: c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796
SHA512: 22a3fad531dc2cf8293bb9b6e5a6f4e804756769d30db655aef6b9dcaf415aeaea93083a2df90dbb13ecd2a60e7eec9860c3abb247ed521a175372086e8b1336
SSDEEP: 196608:DtENXW++mzrvmqFsuHVioV8m2oUqLbI/qXx2nVJ1G:DWlW3mzrvPF11r12oUqLOqXx2s
Score: 8/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
Target: x32_x64_app_setup/x32_x64_app_setup.exe (unpacked from the archive above)
Size: 677.8MB (the archive that carries it is 8.1MB, so the executable deflates at roughly 84:1; real code and data do not compress anywhere near that well, which points to the file being mostly padding added to push it past upload and scanning size limits)
MD5: fa39dd98cb841df4862b42f921cdc216
SHA1: bc7b3c8b053eba372baeedd38d7b315c5cc82fc1
SHA256: a59a14983a9e3895a8f129ad13021d02a7d01f3727dd9a5ff8c7b2d3d0b8b47d
SHA512: b7f81652824379d4dd101bb6654ef85e9e38077506956ec57e7676c00b3dca4dd6e6b4cc9b82f682eb24b9dfa197e349ca3c5ff23ab60880353cc46224a81dcf
SSDEEP: 3072:HahKyd2n31DY5PQ0bbsYPrT1OhwcqtiyD+ltwfFaOrzu0vD2Q9E64gRq6hpDb0:HahOhVkAwT1iwiyD023D2Q9L4qs
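Added example, not part of the Triage report: a Python checker that hashes a local file once (streaming, so a 677.8MB executable does not have to be held in memory), compares the digests with the values listed for both targets on this page, and measures the deflate ratio that the 677.8MB executable inside an 8.1MB archive (about 84:1) hints at. The only real data in it are the report's hashes; the 20:1 inflation cut-off and the `incompressible_bytes` filler used to exercise it offline are my assumptions.

```python
import hashlib
import sys
import zlib
from typing import Dict, Iterable, Optional

# Digests transcribed from the report for both targets (archive and unpacked executable).
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796.zip": {
        "md5": "f3c6b4f884ee17e21c51bcca7cbda178",
        "sha1": "84721c29f3cc593653855d00ad8e0868d0f80d8d",
        "sha256": "c2f4d1bc03bb6586ce429064d1c2d24b6f958fdc1785400e334a579a821dc796",
    },
    "x32_x64_app_setup/x32_x64_app_setup.exe": {
        "md5": "fa39dd98cb841df4862b42f921cdc216",
        "sha1": "bc7b3c8b053eba372baeedd38d7b315c5cc82fc1",
        "sha256": "a59a14983a9e3895a8f129ad13021d02a7d01f3727dd9a5ff8c7b2d3d0b8b47d",
    },
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")
# Assumed cut-off: ordinary PE files deflate at roughly 2:1 to 4:1; padded ones reach tens or hundreds.
INFLATION_THRESHOLD = 20.0


def match_report(digests: Dict[str, str]) -> Optional[str]:
    """Return the report target whose listed digests all agree, or None.
    Every listed hash must match, so a collision in MD5 alone is not enough."""
    for target, expected in REPORT_HASHES.items():
        if all(digests.get(name) == value for name, value in expected.items()):
            return target
    return None


def analyze(chunks: Iterable[bytes]) -> Dict[str, object]:
    """One pass over the data: all digests the report lists plus the deflate ratio."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    compressor = zlib.compressobj(6)  # level 6, what a typical zip tool uses
    raw = packed = 0
    for chunk in chunks:
        raw += len(chunk)
        packed += len(compressor.compress(chunk))
        for h in hashers.values():
            h.update(chunk)
    packed += len(compressor.flush())
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    ratio = raw / packed if raw and packed else 1.0
    return {
        "size": raw,
        "digests": digests,
        "match": match_report(digests),
        "ratio": ratio,
        "inflated": ratio >= INFLATION_THRESHOLD,
    }


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data."""
    return analyze([data])["digests"]  # type: ignore[return-value]


def incompressible_bytes(n: int, seed: bytes = b"seed") -> bytes:
    """Deterministic filler (SHA-256 in counter mode) that does not compress,
    used to show what a non-padded file looks like to the ratio check."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def check_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, object]:
    """Stream a file from disk through analyze()."""
    def chunks() -> Iterable[bytes]:
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return analyze(chunks())


if __name__ == "__main__":
    for p in sys.argv[1:]:
        r = check_file(p)
        print(f"{p}: {r['size']} bytes, ratio {r['ratio']:.1f}:1, "
              f"inflated={r['inflated']}, match={r['match']}")
```

Run it as `python check.py x32_x64_app_setup.exe`; a `match` of the executable's path confirms the file is the one analysed here, and a ratio far above the threshold reproduces the padding finding without needing the sandbox.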
Score: 10/10
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence so the stealer skips victims in excluded countries
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence across logons)
- Suspicious use of SetThreadContext (the API used to redirect a thread in another process, typically seen in process hollowing or thread hijacking)
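Added example, not part of the Triage report: the extracted config (C2 79.137.206.138:8081) and the signature names above mapped onto host telemetry, so the same behaviours can be hunted for in EDR or Sysmon data rather than only in the sandbox. The C2 address and the signature names come from this page; the registry keys, wallet directory names, event schema, pids and paths are my assumptions and the event list is constructed to imitate a run of x32_x64_app_setup.exe, not captured from it.

```python
import re
from collections import Counter
from typing import Dict, List

# C2 from the report's extracted Aurora config.
AURORA_C2 = ("79.137.206.138", 8081)

# Assumed telemetry patterns behind the report's signature names (not Triage's own logic).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
WALLET_RE = re.compile(r"\\(Exodus|Electrum|Bitcoin|Ethereum|Atomic|Jaxx)\\", re.IGNORECASE)


def classify_event(ev: Dict[str, object]) -> List[str]:
    """Return the report signature names that one telemetry event supports."""
    tags: List[str] = []
    kind = ev.get("type")
    key = str(ev.get("key", ""))
    if kind == "registry_set" and RUN_KEY_RE.search(key):
        tags.append("Adds Run key to start application")
    if kind == "registry_query" and GEO_KEY_RE.search(key):
        tags.append("Checks computer location settings")
    if kind == "file_read" and WALLET_RE.search(str(ev.get("path", ""))):
        tags.append("Accesses cryptocurrency files/wallets")
    if kind == "net_connect" and (ev.get("dst_ip"), ev.get("dst_port")) == AURORA_C2:
        tags.append("Aurora C2 contact")
    # SetThreadContext on a thread of another process is the hollowing/hijack signal;
    # a process adjusting its own threads is routine and is not flagged.
    if (kind == "api_call" and ev.get("api") == "SetThreadContext"
            and ev.get("target_pid") != ev.get("pid")):
        tags.append("Suspicious use of SetThreadContext")
    return tags


def summarize(events: List[Dict[str, object]]) -> Dict[str, int]:
    """Count how many events back each signature, the shape a hunt query would return."""
    return dict(Counter(tag for ev in events for tag in classify_event(ev)))


# Constructed events (made-up pids and paths) imitating the behaviours the report lists.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"type": "registry_query", "pid": 1234,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\x32_x64_app_setup",
     "data": r"C:\Users\user\AppData\Roaming\x32_x64_app_setup.exe"},
    {"type": "file_read", "pid": 1234,
     "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 5678},
    {"type": "net_connect", "pid": 5678, "dst_ip": "79.137.206.138", "dst_port": 8081},
    # Benign noise that must not match.
    {"type": "registry_set", "pid": 1234, "key": r"HKCU\Software\Vendor\App\LastRun"},
    {"type": "api_call", "pid": 1234, "api": "SetThreadContext", "target_pid": 1234},
    {"type": "net_connect", "pid": 1234, "dst_ip": "192.0.2.10", "dst_port": 443},
]


if __name__ == "__main__":
    for name, count in summarize(SAMPLE_EVENTS).items():
        print(f"{count}  {name}")
```

The C2 match is the one indicator that transfers directly to network logs; the others describe behaviour, and the pattern lists are starting points to be widened with the wallet and registry paths actually observed in the full sandbox trace.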