General

  • Target: StellarImpact.zip
  • Size: 97.2MB
  • Sample: 230125-q3hecsge76
  • MD5: 5d9f5c85000581a107cff8b8eea3962a
  • SHA1: a9699e858e5f1419460e81178ecbd7073e5760f9
  • SHA256: 5bbe111d51daae6e765db9073044e5e0efc29c7ae3d2417018c0dd93d7b15259
  • SHA512: fa57f8e50fb7423583b1c759633de8c64fe94540cb44ee8b65fcfa47b7606b6b77fbd7a8b7b89fdd83eb426d58e4253fad5ffe5e54078cd83a865835704563fb
  • SSDEEP: 1572864:PS3cAxpOuBUPQRjDd10AqtzA+FfK3SRuzAxExNSZuXze6t1NHDpgW7TFRkm:PSP+PQFA1u+Ff/ShjSZuj/fNHDpg8Tkm

Malware Config

Extracted

  • Family: aurora
  • C2: 45.15.156.206:8081

Targets

    • Aurora: Aurora is a crypto wallet stealer written in Golang.
    • Executes dropped EXE
    • UPX packed file: Detects executables packed with UPX or a modified UPX open-source packer.
    • Loads dropped DLL
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar data.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks