General

  • Target

    Launcher.exe

  • Size

    17.5MB

  • Sample

    230125-qzybeage65

  • MD5

    252fdb6dfb35b74ef1863132f8d9be7e

  • SHA1

    ed4af7944996302aae66cada45b405fe6a93dc9a

  • SHA256

    c37b82f04b41b6172687f81f5e9c4067fc47a7fe571e2c447b2aa09319b24a1b

  • SHA512

    19dd659c0e80a706930de259cc2eb5fcc161eb0cf7a90c26e745414b31f3146a93b80701c4692ad4fb3a626ff54f90de48ee83702cebd1145c47d3878012e579

  • SSDEEP

    98304:crtfNK6qX+OKGx8ScqoCj8BI6WY+l6hTCWxk/p6c:crEX738Sc1Cj654whFap

Malware Config

Extracted

Family

aurora

C2

45.15.156.206:8081

Targets

    • Target

      Launcher.exe

    • Size

      17.5MB

    • MD5

      252fdb6dfb35b74ef1863132f8d9be7e

    • SHA1

      ed4af7944996302aae66cada45b405fe6a93dc9a

    • SHA256

      c37b82f04b41b6172687f81f5e9c4067fc47a7fe571e2c447b2aa09319b24a1b

    • SHA512

      19dd659c0e80a706930de259cc2eb5fcc161eb0cf7a90c26e745414b31f3146a93b80701c4692ad4fb3a626ff54f90de48ee83702cebd1145c47d3878012e579

    • SSDEEP

      98304:crtfNK6qX+OKGx8ScqoCj8BI6WY+l6hTCWxk/p6c:crEX738Sc1Cj654whFap

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • UPX packed file

The executable is packed with UPX, or with a modified build of that open-source packer, so the real payload's strings and imports are only visible after unpacking. Modified builds often rename the stock UPX0/UPX1 sections, so a missing section name alone does not rule UPX out.

    • Reads user/profile data of web browsers

Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a thread's execution and is a common primitive in process injection and process hollowing; on its own the signature shows only that the API was called, not which process was targeted.
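The hashes, C2 socket and UPX signature above are the parts of this report an analyst re-checks locally. The script below is an added example, not code from the sandbox or from the Aurora authors: it recomputes the four report digests for a file and compares them to the values listed above, walks the PE header to read section names and applies two stock-UPX heuristics, and scans proxy-style log lines for the extracted C2. The log line format, the minimal PE builder and the sample log entries are constructed for the example; ssdeep is not computed because it needs the external ssdeep library.

```python
"""Offline triage helper for the IOCs in this report (added example)."""
import hashlib
import re
import struct
import sys

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "252fdb6dfb35b74ef1863132f8d9be7e",
    "sha1": "ed4af7944996302aae66cada45b405fe6a93dc9a",
    "sha256": "c37b82f04b41b6172687f81f5e9c4067fc47a7fe571e2c447b2aa09319b24a1b",
    "sha512": "19dd659c0e80a706930de259cc2eb5fcc161eb0cf7a90c26e745414b31f3146a"
              "93b80701c4692ad4fb3a626ff54f90de48ee83702cebd1145c47d3878012e579",
}
C2_HOST, C2_PORT = "45.15.156.206", 8081


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists (ssdeep omitted)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> list:
    """Names of the report hashes this blob matches: all for the exact sample,
    none for anything else (a partial match would point at a copying error)."""
    digests = hash_bytes(data)
    return [n for n, v in REPORT_HASHES.items() if digests[n] == v]


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the NUL-stripped 8-byte section names. Raises on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                      # COFF file header, 20 bytes
    (nsections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # section table follows optional header
    return [data[table + i * 40:table + i * 40 + 8].rstrip(b"\x00").decode("ascii", "replace")
            for i in range(nsections)]


def upx_indicators(data: bytes) -> dict:
    """Two cheap heuristics for stock UPX: UPX0/UPX1(/UPX2) section names and
    the 'UPX!' magic it leaves in the file. Modified UPX builds often rename
    sections, so a negative means 'not stock UPX', not 'unpacked'."""
    try:
        names = pe_section_names(data)
    except ValueError:
        names = []
    return {"upx_sections": any(n.startswith("UPX") for n in names),
            "upx_marker": b"UPX!" in data,
            "sections": names}


def build_fake_pe(section_names, overlay: bytes = b"") -> bytes:
    """Constructed minimal PE image (headers plus an empty section table) used
    only to exercise the parser offline. Not a runnable executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    table = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + table + overlay


# Assumed log format for the example: "<timestamp> <src-ip> <dst-ip>:<port> ..."
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<src>[\d.]+) (?P<dst>[\d.]+):(?P<port>\d+)\b")


def c2_hits(log_lines) -> list:
    """(timestamp, src) for every line whose destination is the extracted C2
    socket. The port is required: the same IP on another port is worth a
    look but is not this config."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and m["dst"] == C2_HOST and int(m["port"]) == C2_PORT:
            hits.append((m["ts"], m["src"]))
    return hits


# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    "2023-01-25T10:01:02Z 10.0.0.12 45.15.156.206:8081 POST 200",
    "2023-01-25T10:01:05Z 10.0.0.12 203.0.113.5:443 GET 200",
    "2023-01-25T10:02:11Z 10.0.0.31 45.15.156.206:443 GET 0",
    "2023-01-25T10:03:40Z 10.0.0.31 45.15.156.206:8081 POST 200",
]

if __name__ == "__main__":
    # Pass a file path to check a real sample; otherwise use the fake PE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1"], b"UPX!")
    print("report hash matches:", matches_report(data))
    print("upx indicators:", upx_indicators(data))
    print("C2 hits in sample log:", c2_hits(SAMPLE_LOG))
```

Run it against the real Launcher.exe to confirm all four hashes match before doing any further analysis; on a file that only matches some of them, re-copy the indicators rather than trusting a partial match.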
