General

  • Target

    Setup.exe

  • Size

    53.2MB

  • Sample

    230125-y7vt9aca91

  • MD5

    24b01aa0fcc0395fdc9a450ac9c02cf5

  • SHA1

    2d8c76a1d84820f754e271fe657750a7c1a8311a

  • SHA256

    ca4bbd2c29d6a678f5051a64680260707c4ed3a78d43f7ad06cbce0dadc42ea1

  • SHA512

    dc472af7ea132615f976e20606fdfa50aa5bbf9ae43a7b7c57aea2e2bd1665e455d6760a308b27740f1da00a116e135789c9e89fb59786bdc30eefbb88ba6bf6

  • SSDEEP

    98304:7379V+5pY31Fpj1lF2IaTI9nWRTuy31o1Ymocyb0t:n+knpjjaTw/Y1o+mDyA

Score
10/10

Malware Config

Extracted

Family

aurora

C2

45.9.74.11:8081

Targets

    • Target

      Setup.exe

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks