aurora | eef901ec849a72692b629df41943f45f64d759740524af63d206fbc0cdc138ba | Triage

Sharing

General

Target

8774586123.zip
Size

7.0MB
Sample

230112-t657dace4y
MD5

733d1c22de8f9abd5265eeba228f1c85
SHA1

dcc5bc4e8796d6b3f6c330791a1ff9b8fc1aa048
SHA256

eef901ec849a72692b629df41943f45f64d759740524af63d206fbc0cdc138ba
SHA512

b899ab905e353ddf380260c4c16a2a2d106091990d0a5adeb4f3cd6c9259c2756d79cdab2d22194b16b3d64efb94bb60d5c2824dd851ed1f0a84764713fba6a3
SSDEEP

98304:8FliPXcDP9Uj3pZmX5s8F9BmquZge3O+iO2YnGQ4YUU7zD2RMqiuCyw8urRmRbns:vEru7mJsKRDOl1jnqiutw8urvL

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

195.123.217.108:8081

Targets

- Target
  
  Rufus_setup.exe
- Size
  
  860.5MB
- MD5
  
  6df9d22af689fbcc258c215f3d24d664
- SHA1
  
  0066ce3897dfb391cb0a157869a46da733635d22
- SHA256
  
  676cd7bab8b26f4b2adf9220ccab9118060287314cab960d454fb4596466e569
- SHA512
  
  9bc934247b61ffdaa61763a55b56d0ac39f8f082f6143834d17afc2393f24357063d516de8c45f8e3be077b670215f24140cf9d6effe87577a26a93960073fc6
- SSDEEP
  
  49152:RJ99BNYrzX4zYy1Cfu4BXiUGFocdn/zPRak5ESDGtGH5RDHW01Y:NNYIzwXiUG73EbGZRDU
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2