General

  • Target

    R2401.exe

  • Size

    4.5MB

  • Sample

    230125-v8vdbshc53

  • MD5

    f3c011b55d32e48b420abf0c2525a44c

  • SHA1

    a8a77c3f05dae1b8cbd0413e923dec8a06e4d55d

  • SHA256

    1c8e9a2f5109f0f5215cc16926c8147a6136def1ed5759e508e2aefaf31410a6

  • SHA512

    d80fb5309521415e1a75df28a1cba78775207c38e7afca1e98b924e40bd5f1f59b8c66be0580e9e457be5e3410c50798706eee3163cbcd52bc07d248202184e2

  • SSDEEP

    49152:JBj9ybH3dYuRg6lJguwP4C2tq3lZ11tkWa45EHD+tGH5RDHW01k:4bHLRW4C2tOzEcGZRDY

Score
10/10

Malware Config

Extracted

Family

aurora

C2

195.123.218.52:8081
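The hashes and the extracted C2 endpoint above are the indicators a responder actually uses. As an added example (not part of the sandbox report or of any vendor tooling), the script below hashes a file with the same four algorithms listed under General and compares them against the report's values, and scans firewall-style log lines for traffic to the extracted Aurora C2. The log lines are constructed for illustration and are not from any real environment; the function names and the log format are assumptions.

```python
import hashlib
import re
from pathlib import Path

# Indicators copied verbatim from the report above.
IOC_HASHES = {
    "md5": "f3c011b55d32e48b420abf0c2525a44c",
    "sha1": "a8a77c3f05dae1b8cbd0413e923dec8a06e4d55d",
    "sha256": "1c8e9a2f5109f0f5215cc16926c8147a6136def1ed5759e508e2aefaf31410a6",
    "sha512": (
        "d80fb5309521415e1a75df28a1cba78775207c38e7afca1e98b924e40bd5f1f5"
        "9b8c66be0580e9e457be5e3410c50798706eee3163cbcd52bc07d248202184e2"
    ),
}
C2_HOST = "195.123.218.52"
C2_PORT = 8081

# Constructed sample log lines (hypothetical firewall format, not real data):
# one hit on host and port, one on the host alone, one unrelated connection.
SAMPLE_LOG = """\
2023-01-25T16:01:02Z src=10.0.0.15:50122 dst=195.123.218.52:8081 proto=tcp action=allow
2023-01-25T16:01:05Z src=10.0.0.15:50123 dst=195.123.218.52:443 proto=tcp action=allow
2023-01-25T16:02:10Z src=10.0.0.22:50400 dst=93.184.216.34:443 proto=tcp action=allow
"""


def hashes_of_bytes(data: bytes) -> dict:
    """Return lowercase hex digests for the four algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def file_hashes(path: str) -> dict:
    """Hash a file on disk in chunks so large samples do not need to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def ioc_match(hashes: dict) -> set:
    """Return the set of algorithms whose digest equals the report's value.

    A SHA256 or SHA512 match identifies the sample; MD5 and SHA1 are kept only
    because many feeds still publish them.
    """
    return {
        algo for algo, digest in hashes.items()
        if IOC_HASHES.get(algo) == digest.lower()
    }


# The IP must not be a substring of a longer address (e.g. 195.123.218.521).
_HOST_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?![\d.])")
# Port may follow the host as "host:port" or as a separate whitespace token.
_HOST_PORT_RE = re.compile(
    r"(?<![\d.])" + re.escape(C2_HOST) + r"[:\s]+" + str(C2_PORT) + r"(?!\d)"
)


def c2_hits(lines) -> dict:
    """Split log lines into exact C2 hits (host and port) and host-only hits.

    Host-only hits are worth a look too: a stealer's port can change between
    builds while the server stays the same.
    """
    hits = {"host_and_port": [], "host_only": []}
    for line in lines:
        if _HOST_PORT_RE.search(line):
            hits["host_and_port"].append(line)
        elif _HOST_RE.search(line):
            hits["host_only"].append(line)
    return hits


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        matched = ioc_match(file_hashes(path))
        print(f"{path}: {'MATCH ' + ','.join(sorted(matched)) if matched else 'no match'}")
    for kind, lines in c2_hits(SAMPLE_LOG.splitlines()).items():
        for line in lines:
            print(f"[{kind}] {line}")
```

Run it with one or more file paths to compare them against the report's hashes; with no arguments it only scans the embedded sample log. Hash comparison is exact-match only; a repacked build of the same stealer will have different digests, which is what the SSDEEP value above is for.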

Targets

    • Target

      R2401.exe

    • Size

      4.5MB

    • MD5

      f3c011b55d32e48b420abf0c2525a44c

    • SHA1

      a8a77c3f05dae1b8cbd0413e923dec8a06e4d55d

    • SHA256

      1c8e9a2f5109f0f5215cc16926c8147a6136def1ed5759e508e2aefaf31410a6

    • SHA512

      d80fb5309521415e1a75df28a1cba78775207c38e7afca1e98b924e40bd5f1f59b8c66be0580e9e457be5e3410c50798706eee3163cbcd52bc07d248202184e2

    • SSDEEP

      49152:JBj9ybH3dYuRg6lJguwP4C2tq3lZ11tkWa45EHD+tGH5RDHW01k:4bHLRW4C2tOzEcGZRDY

    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
