General

  • Target

    LibreOffice_7.4.4_Win_x64.exe

  • Size

    4.3MB

  • Sample

    230124-vvs84scg86

  • MD5

    e180d59d9dfa41f80e57e030f68dad4c

  • SHA1

    8e1c8feb0e9ca11250b7d0a7c98c825ea10d76c5

  • SHA256

    515e7fa2e16b9723f02b9676aeeb392c3e246a3a76dd52de2779f164d7c0cb78

  • SHA512

    ebd204c02f5edcd6d84a37cd6918cafa5745dba05b14a409f87ee564c870248e746205cf41e1bc5ebbf97ef2fb2ef4f25b0d53bea05e1186f5a4c4ccc68e3b33

  • SSDEEP

    49152:mynSK5EsNuNc4Jyj+NTpGktKDJ3Me01iVZChKENKEhaStuJUSQW02F1fNFm:m9KmsNuNIjnyhK9JUYNM

Score
10/10

Malware Config

Extracted

Family

aurora

C2

79.137.133.225:8081
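The hashes and the extracted C2 above are the indicators a responder actually uses. The following script is an added example, not part of the sandbox report: it hashes a file in one pass and compares every digest against the report's values, and it scans log lines for the C2 host, distinguishing hits on the reported port from hits on any other port. The indicator values are copied from the report; the proxy log format and the log lines themselves are constructed for the example and do not come from the sample.

```python
"""Match a file and some log lines against the indicators in this report.

Added example, not part of the sandbox report. Hash and C2 values are copied
from the report above; the log lines and file bytes used below are constructed
so the script runs offline.
"""
import hashlib
import io
import re
import sys

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "e180d59d9dfa41f80e57e030f68dad4c",
    "sha1": "8e1c8feb0e9ca11250b7d0a7c98c825ea10d76c5",
    "sha256": "515e7fa2e16b9723f02b9676aeeb392c3e246a3a76dd52de2779f164d7c0cb78",
    "sha512": (
        "ebd204c02f5edcd6d84a37cd6918cafa5745dba05b14a409f87ee564c870248e"
        "746205cf41e1bc5ebbf97ef2fb2ef4f25b0d53bea05e1186f5a4c4ccc68e3b33"
    ),
}
C2_HOST = "79.137.133.225"
C2_PORT = 8081

# Match the host only as a whole dotted quad: 179.137.133.225 or
# 79.137.133.2250 must not count as a hit.
HOST_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?![\d.])")
# Port directly attached to the host in host:port form.
PORT_RE = re.compile(re.escape(C2_HOST) + r":(\d{1,5})")


def hash_stream(stream, chunk_size=1 << 20):
    """Compute all report hash types over a binary stream in a single read."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data."""
    return hash_stream(io.BytesIO(data))


def match_hashes(digests, iocs=IOC_HASHES):
    """Return the sorted list of algorithms whose digest equals the report's.

    Case-insensitive, because hashes are often pasted upper-case from other tools.
    """
    return sorted(
        name for name, value in digests.items()
        if iocs.get(name, "").lower() == value.lower()
    )


def find_c2_hits(log_lines):
    """Return one record per line that names the C2 host.

    'exact' is True only when the line also carries the reported port; a hit on
    the host alone is still returned, since the IP by itself is an indicator.
    """
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        if not HOST_RE.search(line):
            continue
        m = PORT_RE.search(line)
        port = int(m.group(1)) if m else None
        hits.append({"line": lineno, "port": port,
                     "exact": port == C2_PORT, "text": line.strip()})
    return hits


# Constructed proxy log lines (hypothetical format, not real traffic).
SAMPLE_LOG = [
    "2023-01-24T10:02:11Z proxy ALLOW src=10.0.4.17 dst=79.137.133.225:8081 bytes=2480",
    "2023-01-24T10:02:12Z proxy ALLOW src=10.0.4.17 dst=142.250.74.68:443 bytes=512",
    "2023-01-24T10:02:13Z proxy ALLOW src=10.0.4.18 dst=179.137.133.225:8081 bytes=90",
    "2023-01-24T10:02:14Z proxy DENY src=10.0.4.19 dst=79.137.133.225:443 bytes=0",
]


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        kind = "C2 host+port" if hit["exact"] else "C2 host, other port"
        print(f"line {hit['line']}: {kind}: {hit['text']}")
    # Optional: hash a real file given on the command line.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            matched = match_hashes(hash_stream(fh))
        print("matching report hashes:", matched or "none")
```

Run it with a path to hash a file on disk; without arguments it only scans the constructed log. Note that the third log line is deliberately a near-miss (a different IP that merely ends in the C2 address) and is not reported.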

Targets

    • Target

      LibreOffice_7.4.4_Win_x64.exe

    • Size

      4.3MB

    • MD5

      e180d59d9dfa41f80e57e030f68dad4c

    • SHA1

      8e1c8feb0e9ca11250b7d0a7c98c825ea10d76c5

    • SHA256

      515e7fa2e16b9723f02b9676aeeb392c3e246a3a76dd52de2779f164d7c0cb78

    • SHA512

      ebd204c02f5edcd6d84a37cd6918cafa5745dba05b14a409f87ee564c870248e746205cf41e1bc5ebbf97ef2fb2ef4f25b0d53bea05e1186f5a4c4ccc68e3b33

    • SSDEEP

      49152:mynSK5EsNuNc4Jyj+NTpGktKDJ3Me01iVZChKENKEhaStuJUSQW02F1fNFm:m9KmsNuNIjnyhK9JUYNM

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers commonly read the browser's stored profile data (saved credentials, cookies and autofill entries) so it can be exfiltrated.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
