General

  • Target

    pluginspass_1234.zip

  • Size

    13.8MB

  • Sample

    230125-txmzfaha58

  • MD5

    8c2855e958c843d8d464dac3bc2d198a

  • SHA1

    ae667b48658cbd6417ce04c008a7c3e1199cd2b7

  • SHA256

    f2ca310145617bcf0f5275402d621c61d2162b6234708190abfc0be2bb99b087

  • SHA512

    5fc63da6f49fec20d6e041e63c5c15409618030e66df55bfd010ce1b61d1be37657b4d57bd4db2c213eaf7d4b10e687af021dc00f5dfb65463e31c5376c21a5e

  • SSDEEP

    393216:6pMysaqe6HYA1h6OwcTm+7p80or8InGxS113aomOpSn:6prsTdY863+7pFS84Go113HpSn

Score
10/10

Malware Config

Extracted

Family

aurora

C2

185.106.93.203:8081
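
The extracted C2 is the most actionable indicator on this page, but a bare IP:port is easy to misuse: the address can be reassigned after the sandbox run, so a match on the IP alone deserves a lower confidence than a match on the exact IP and port. The following added example (not part of the original report or of any Aurora analysis tooling) runs that tiering over constructed connection-log lines; the log format, the function names and the sample lines are assumptions made for illustration, and the only value taken from the report is the C2 itself.

```python
import re
from ipaddress import ip_address

# C2 extracted from the sample's configuration (value from the report above).
AURORA_C2 = {("185.106.93.203", 8081)}

# Constructed log layout, assumed for this example (not a real product's format):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <free text>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_conn_line(line):
    """Parse one log line into a dict, or return None if it is malformed.

    ip_address() rejects values such as '300.1.1.1' that the regex alone
    would accept, so a garbled line cannot produce a bogus hit.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return {
            "ts": m["ts"],
            "src": str(ip_address(m["src"])),
            "dst": str(ip_address(m["dst"])),
            "dport": int(m["dport"]),
        }
    except ValueError:
        return None


def match_c2(lines, iocs=AURORA_C2):
    """Flag connections to known C2 endpoints.

    Exact ip:port match -> "high"; same IP on another port -> "medium"
    (the host may be shared or reassigned, so it needs corroboration).
    Returns a list of the parsed records with a "confidence" key added.
    """
    ioc_ips = {ip for ip, _ in iocs}
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        if (rec["dst"], rec["dport"]) in iocs:
            confidence = "high"
        elif rec["dst"] in ioc_ips:
            confidence = "medium"
        else:
            continue
        hits.append({**rec, "confidence": confidence})
    return hits


# Constructed sample log lines (not from the sandbox run).
SAMPLE_LOG = [
    "2023-01-25T14:02:11Z 10.0.0.17:49812 -> 185.106.93.203:8081 proto=tcp bytes=1532",
    "2023-01-25T14:02:40Z 10.0.0.17:49820 -> 185.106.93.203:443 proto=tcp bytes=210",
    "2023-01-25T14:03:05Z 10.0.0.23:51002 -> 93.184.216.34:443 proto=tcp bytes=9870",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in match_c2(SAMPLE_LOG):
        print(hit["confidence"], hit["ts"], hit["src"], "->", hit["dst"], hit["dport"])
```

Treat the "medium" tier as a pivot for further investigation rather than an alert on its own; pair it with the file hashes from this report and the host-side behaviour listed under Targets before acting on it.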

Targets

    • Target

      plugins/Adobe 2022 23.1.0.143 RePack by KpoJIuK.exe

    • Size

      2.1MB

    • MD5

      64750b4417dbfd3d4e13229d32c4c8e3

    • SHA1

      e551b20b9f685c60dceaa3009b264d29f707b09b

    • SHA256

      edc0eb135e4ecfc60b65eacc8f085f607bc50be8c6cd96c2f78a06738c5fb35d

    • SHA512

      4556c196a54ebc79847041cd5c7d01fe841fd92e4eeca6c0f5a78bb0a165f492b858c69cd6af2af94076dec5692ec7a21c9a85d23e82bfeb6078a3601ad341ad

    • SSDEEP

      49152:GnITHngtlGPpCDpNEieMds59T0i2mRGYICayjaibJM2G7V0Pv:jGlOC1NEL+op0i2mR4CBjaLX7V0X

    Score
    10/10
    • Aurora

      Aurora is an information stealer written in Go that targets cryptocurrency wallets and browser data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
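
The report lists digests for both the archive and the executable inside it. When triaging a copy of such an archive, the practical question is whether the reported payload is present without ever writing it to disk. The following added example (not part of the original report or of the sandbox's own tooling) streams every zip member through MD5, SHA1, SHA256 and SHA512 in memory and looks up the reported SHA256; the function names, the size cap and the tiny constructed archive used for demonstration are assumptions, and the only value taken from the page is the embedded executable's SHA256.

```python
import hashlib
import io
import zipfile

# SHA256 of the embedded executable, as listed in the report above.
REPORTED_INNER_SHA256 = "edc0eb135e4ecfc60b65eacc8f085f607bc50be8c6cd96c2f78a06738c5fb35d"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
# Refuse to inflate any single member past this (assumed cap, a zip-bomb guard).
MAX_MEMBER_BYTES = 64 * 1024 * 1024


def hash_stream(stream, limit=MAX_MEMBER_BYTES):
    """Digest a file-like object with all four algorithms in one pass.

    Returns (size, {algorithm: hexdigest}). Raises ValueError if the data
    inflates beyond `limit`, so a hostile archive cannot exhaust memory.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    while True:
        chunk = stream.read(1 << 16)
        if not chunk:
            break
        size += len(chunk)
        if size > limit:
            raise ValueError("member exceeds %d bytes" % limit)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def hash_archive_members(zip_bytes):
    """Hash every file inside a zip held in memory, never extracting to disk.

    Returns {member_name: {"size": int, "md5": ..., "sha1": ...,
                           "sha256": ..., "sha512": ...}}.
    """
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                size, digests = hash_stream(member)
            results[info.filename] = {"size": size, **digests}
    return results


def find_member_by_sha256(zip_bytes, sha256_hex):
    """Return the name of the member whose SHA256 matches, or None."""
    wanted = sha256_hex.lower()
    for name, digests in hash_archive_members(zip_bytes).items():
        if digests["sha256"] == wanted:
            return name
    return None


def build_sample_zip(members):
    """Build a small zip in memory from {name: bytes}.

    Constructed test data for this example, not the archive from the report.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip({"plugins/benign.exe": b"abc"})
    for name, d in hash_archive_members(sample).items():
        print(name, d["size"], d["sha256"])
    # The constructed member is not the reported payload, so this prints None.
    print(find_member_by_sha256(sample, REPORTED_INNER_SHA256))
```

For a real triage run, read the archive bytes from disk and pass them to `find_member_by_sha256` with the SHA256 above; a hit confirms the reported payload is inside, while a miss on the inner hash despite a matching archive hash would point to a differently packed variant and deserve a second look at the member list.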

MITRE ATT&CK Enterprise v6