General

  • Target

    npp.8.4.8.Installer.x64.exe

  • Size

    4.4MB

  • Sample

    230118-recdwaeh4x

  • MD5

    70b0af7f90b6cbbbf8cc7f25fb84b6f6

  • SHA1

    9e9667fc37f25bfabefa16b6a226cb01e58bdfbd

  • SHA256

    d352ac54030d52244bf5de3963ed2a49059556bf033fedb67f27d06dfbd3ae39

  • SHA512

    552dde4103a066ca198ba9f50405777a85988fef13a1d5bce56ddec30f04331b646f3b7455dccef6e3853e7f0abce38b80be8447c95d456e85c23197daa1edc0

  • SSDEEP

    49152:t/XTnwHA9dbfpbeWj9NTpGktKDJ3MbopOblGxPjhprhapt9JUOd6A02F1dNtvZkD:tvTnsA9ddb/jBoxPaJUm/NdZ+

Score
10/10

Malware Config

Extracted

Family

aurora

C2

79.137.133.225:8081

Targets

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks