General

  • Target

    tviewplus-main.zip

  • Size

    7.1MB

  • Sample

    230124-y6aspadf27

  • MD5

    10fe158559700256f2f4291edd5290c6

  • SHA1

    6694db684af6dd201439a9819932f1002d1fa5e9

  • SHA256

    bcb3e8afb89fb561c98bd0bb0e26f63d9b664e546eb4aa37cb806443e406f6d6

  • SHA512

    dad7c782168532505bde703bdcd511f74709d0d6b1380ebc96318d8093bfcce3098a3671328c4e7c189de7c28bf4774416d26d07c34cc4f5e77e3ea873a8cf46

  • SSDEEP

    196608:WPokJE1hVn0CfiVB3o6xY8icdCyjfjjfEt:WPoT1hVnDABO8iWCyjf0t

Score
10/10

Malware Config

Targets

    • Target

      tviewplus-main/Tradingview_Plus.exe

    • Size

      11.9MB

    • MD5

      397a3e87be96b562e99905a218a8c73e

    • SHA1

      745d869a66f44825fdb0acfe200733fc017236c9

    • SHA256

      b8dfa620add678322d2d1bcb7ca60d88ed3f78f949e54fa47de716404d1ccd53

    • SHA512

      7c19e7308a2457eee51c3863a05e9140bbc6481a8fcf8cbb32279860efc4586c3a94bd35cbed5ae18f754399935123ea87a24f948c260c110595796bbf7f5551

    • SSDEEP

      98304:3Vpe19iPDFxl5Pmya/NtCIBzEtmza3xtYMuqjqK0ArI1j0SiFjVt6o10GOAvyN6Z:Fp0CBof/BBamza3xGqmkgjkAzwy0

    Score
    10/10
    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks