General

  • Target

    out.exe

  • Size

    4.6MB

  • Sample

    230120-plp77sff6x

  • MD5

    f85e29c74f2a686ae241c65b35afe981

  • SHA1

    66d601169993d21f953f804908a89d8166cc64f8

  • SHA256

    eb6ff3d3fe8e111f87fcb1068bd9616bf4217ec543335117a491cc755552f4b8

  • SHA512

    3fddee4b98c45669d208487ec528b42e31a4c0e55f6eb2543796e4218c1236dc03df7d0fd270336cc1c91cb81d5a230750efd4fa92cb7e3c29151bd8d3a1476a

  • SSDEEP

    49152:EN6LYEffWu9W97jbNTpGktKDJ3M0X3BM18xlvQaJz6JU63M02F1/Nd:EQLfffW1tjKW18eJUPN

Score
10/10

Malware Config

Extracted

Family

aurora

C2

45.15.156.210:8081

Targets

    • Target

      out.exe

    • Size

      4.6MB

    • MD5

      f85e29c74f2a686ae241c65b35afe981

    • SHA1

      66d601169993d21f953f804908a89d8166cc64f8

    • SHA256

      eb6ff3d3fe8e111f87fcb1068bd9616bf4217ec543335117a491cc755552f4b8

    • SHA512

      3fddee4b98c45669d208487ec528b42e31a4c0e55f6eb2543796e4218c1236dc03df7d0fd270336cc1c91cb81d5a230750efd4fa92cb7e3c29151bd8d3a1476a

    • SSDEEP

      49152:EN6LYEffWu9W97jbNTpGktKDJ3M0X3BM18xlvQaJz6JU63M02F1/Nd:EQLfffW1tjKW18eJUPN

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks