General

  • Target

    ggmaps..exe

  • Size

    11.4MB

  • Sample

    230107-yag7wsee47

  • MD5

    2e4cdf61494a9474c0b128c6773d39bc

  • SHA1

    1d2c133442fb369c7efb29c370a111053d87c7dd

  • SHA256

    d0fc15b58f4ec8eb259f3c361de11fe0be5da9ca6ede42c9f0b2b168d19a32d2

  • SHA512

    ccb57e71c091f9bfe90e56d9550f0c56dce544633d850aa9daa37e2379a77765d210618a40dbb001d947181cd7c7640e9ce962b8146152d2ef7b02c6aacef434

  • SSDEEP

    24576:BBF+opvcaJ+mqmz+iMqe1qYAVoxIQF7xColG87D/3ln1XQo8sNXekR4i+V2CQQ8o:BB46zZzO1qYAVoxF7jxRpmxxk+YfoEK

Malware Config

Extracted

Family

aurora

C2

176.124.210.153:8081

Targets

    • Target

      ggmaps..exe

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • UPX packed file

      Detects executables packed with UPX or with a modified build of the open-source UPX packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread. Loaders call it to point a suspended thread at injected code (process hollowing or thread hijacking), so correlate it with the process-creation and memory-write events from the same run before concluding injection.
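The following Python is an added example, not code from the sandbox or from the Aurora sample: it takes the file hashes and the C2 socket published above and shows how a responder would match a file against them, sweep proxy or firewall log lines for the C2 host, and apply the PE section-name heuristic behind the "UPX packed file" signature. The log lines and the PE header bytes it uses are constructed for the example; only the hashes and the C2 address come from this report.

```python
"""Offline IOC checks built from the indicators in this report.

Added example, not code from the sandbox or from Aurora: it copies the hashes
and C2 socket above and shows how to match a file against them, sweep
proxy/firewall log lines for the C2, and apply the section-name heuristic
behind the "UPX packed file" signature. Log lines and PE header bytes used
here are constructed for the example.
"""
import hashlib
import re
import struct

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "2e4cdf61494a9474c0b128c6773d39bc",
    "sha1": "1d2c133442fb369c7efb29c370a111053d87c7dd",
    "sha256": "d0fc15b58f4ec8eb259f3c361de11fe0be5da9ca6ede42c9f0b2b168d19a32d2",
    "sha512": "ccb57e71c091f9bfe90e56d9550f0c56dce544633d850aa9daa37e2379a77765"
              "d210618a40dbb001d947181cd7c7640e9ce962b8146152d2ef7b02c6aacef434",
}
C2_HOST, C2_PORT = "176.124.210.153", 8081

# Constructed proxy log lines for the demo (not from the sandbox run).
SAMPLE_LOG = """\
proxy allow src=10.0.0.23 dst=176.124.210.153:8081 bytes=4123
proxy allow src=10.0.0.23 dst=176.124.210.1530:8081 bytes=12
proxy allow src=10.0.0.40 dst=176.124.210.153:443 bytes=900
proxy allow src=10.0.0.40 dst=93.184.216.34:443 bytes=77
"""

def hash_chunks(chunks):
    """Digest an iterable of byte chunks with the four algorithms the report lists."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def hash_file(path):
    """Stream in 1 MiB chunks so an 11 MB sample is not read into memory whole."""
    with open(path, "rb") as f:
        return hash_chunks(iter(lambda: f.read(1 << 20), b""))

def matches_report(digests):
    """Report hashes reproduced by a digest dict from hash_chunks()/hash_file().
    One agreeing digest identifies the sample; a partial match means a
    transcription error in the IOC set rather than a different file."""
    return [name for name, value in digests.items() if value == REPORT_HASHES[name]]

# Host anchored on both sides so 1176.124.210.153 / 176.124.210.1530 do not
# match; the port is optional so the host on other ports still surfaces.
_C2_RE = re.compile(rf"(?<![\d.]){re.escape(C2_HOST)}(?::{C2_PORT})?(?![\d.])")

def classify_line(line):
    """'c2_socket' for host:8081, 'c2_host' for the host on another port, else None."""
    m = _C2_RE.search(line)
    if not m:
        return None
    return "c2_socket" if m.group(0).endswith(f":{C2_PORT}") else "c2_host"

def scan_log(text):
    """(1-based line number, classification) for each line that hits the C2."""
    hits = ((n, classify_line(line)) for n, line in enumerate(text.splitlines(), 1))
    return [(n, kind) for n, kind in hits if kind]

def pe_section_names(data):
    """Section names of a PE image, or [] if the bytes are not a parseable PE."""
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
        if data[:2] != b"MZ" or data[pe_off:pe_off + 4] != b"PE\0\0":
            return []
        coff = pe_off + 4                                       # IMAGE_FILE_HEADER
        (n_sections,) = struct.unpack_from("<H", data, coff + 2)
        (opt_size,) = struct.unpack_from("<H", data, coff + 16)
        table = coff + 20 + opt_size   # IMAGE_SECTION_HEADER array, 40 bytes each
    except struct.error:
        return []
    names = []
    for off in range(table, table + 40 * n_sections, 40):
        raw = data[off:off + 8]
        if len(raw) < 8:
            break
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names

def looks_upx_packed(data):
    """Stock UPX names sections UPX0/UPX1 (often UPX2). Modified builds rename
    them, so False does not clear a file; the sandbox signature covers both."""
    return any(name.startswith("UPX") for name in pe_section_names(data))

def build_stub_pe(section_names):
    """Constructed header-only PE bytes for the demo: DOS stub, PE signature,
    IMAGE_FILE_HEADER with an empty optional header, 40-byte entry per name."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections

if __name__ == "__main__":
    print("C2 hits:", scan_log(SAMPLE_LOG))
    print("UPX stub packed:", looks_upx_packed(build_stub_pe(["UPX0", "UPX1", ".rsrc"])))
```

Run it against a real file with `matches_report(hash_file(path))`; any of the four digests agreeing with the report is a positive identification, and a file that reproduces some but not all of them points at a copy-paste error in the IOC list. The log scan distinguishes a hit on the exact C2 socket from traffic to the same host on another port, which is what you want when the operator rotates ports but keeps the server. The section-name check is only the cheap half of the sandbox signature: a repacked or renamed UPX stub passes it, so a negative result is not a clean bill.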

MITRE ATT&CK Enterprise v6