General

  • Target

    2217289da4dda8f1848e6643a7b870ca2a6a2a5104bb0a34caab311c272130f8.com

  • Size

    365.7MB

  • Sample

    230118-tq712acg23

  • MD5

    15a9aaf672463b1d87692378373768ee

  • SHA1

    07e3c06c5de7cc3ee93ebb8e761eef12c4a8244d

  • SHA256

    2217289da4dda8f1848e6643a7b870ca2a6a2a5104bb0a34caab311c272130f8

  • SHA512

    8ce474ada786476bf8a625362169c2dad7fbc2eddf66805d9567b4ed4dff6857201c8e091d13eaede14eaa2889de72943ae86be9e262daf52f2495008ef0fc4b

  • SSDEEP

    49152:OnzKNJ9hgKrQxjryRpFfa4B9hOPF8ZVspMOZZTbhogyldrh/ks0f7qUtJ:

Score
10/10

Malware Config

Extracted

Family

aurora

C2

77.91.78.153:8081

Targets

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks