aurora | ceca5640d01a16a5ebb28c1026192ad51eb87dc3e7a83665c656654dd581caf7 | Triage

Sharing

General

Target

AppSetup.zip
Size

213.4MB
Sample

230111-2t5n3sef39
MD5

8f67116a7162f6cc4fcb136801b7cd79
SHA1

15379613f6fc9783cea5019ad1825c8b9cfe600d
SHA256

ceca5640d01a16a5ebb28c1026192ad51eb87dc3e7a83665c656654dd581caf7
SHA512

b912cb2a6837fe21c8ac503747225eb90cbd82d0cc346d748975a0c7fb2ee603ee708d4744a8cd5a13ab5dda6e3e1de814cd31da11205bc1cbf729ecc34c75e8
SSDEEP

3145728:L5l3mKy35sc/NiZWgIhCBPpNV11j/elN89uCzDytg9Scu6/G0P92jrMLArN:L5l3mLpsqgN9Qw9uQ0pU23MON

Score

10^/10

aurora shurk spyware stealer

Malware Config

Extracted

Family

aurora

C2

82.115.223.138:8081

Targets

- Target
  
  Installer.exe
- Size
  
  704.5MB
- MD5
  
  8105a29d78563cfcf875ea409c10dbd4
- SHA1
  
  0ba1152f629aad1bc1b03ad18620238a1ffc98df
- SHA256
  
  9e0306300916e282b5ec678c738da7b0f7b01f76f21630e9bec87daf2663444f
- SHA512
  
  c7fdb7519f2dcd63f5089c1ea950c5376744c51a4ac18ea40f7fdb17e80417638b7bc11d4af2c1a38a99c3936ce532c9e556d458c90817afb1edaaf99ad7f987
- SSDEEP
  
  49152:tB9EUkfsecSDYxn3+FTB7BurTrIrO2rsa05E8votGH5RDHp01J:OUkOSXB7B0VEjGZRDS
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2