General

  • Target

    7c3f4be7798b4299d9f90bc1dfa31bdbf9bdd96c4e3a6d8baf38d91a9b2bc4f3

  • Size

    4.6MB

  • Sample

    230123-xlqgzagd5x

  • MD5

    a78251ef6bec128a4a1a26d7f7e1e52a

  • SHA1

    28c570f5bd6f5d42696c64c49d7d9bec16eb3ee4

  • SHA256

    7c3f4be7798b4299d9f90bc1dfa31bdbf9bdd96c4e3a6d8baf38d91a9b2bc4f3

  • SHA512

    8b0cde4c374339b34157b5ad9dbf1e83c2d684fd29853ab89cbad46475d50c19e463313b8c452fb8e503f51a38de21aba162c4e406fafb668bb772a8d23a9486

  • SSDEEP

    98304:Hcq1qDdv/8EvdjHuAMnt7qXQmD3dLKvvDvuH:Hczdv/8QuAct7qXQ63cnDvA

Score
10/10

Malware Config

Extracted

Family

aurora

C2

85.209.135.29:8081

Targets

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks