General
- Target: Setup.exe
- Size: 53.2MB
- Sample: 230125-y7vt9aca91
- MD5: 24b01aa0fcc0395fdc9a450ac9c02cf5
- SHA1: 2d8c76a1d84820f754e271fe657750a7c1a8311a
- SHA256: ca4bbd2c29d6a678f5051a64680260707c4ed3a78d43f7ad06cbce0dadc42ea1
- SHA512: dc472af7ea132615f976e20606fdfa50aa5bbf9ae43a7b7c57aea2e2bd1665e455d6760a308b27740f1da00a116e135789c9e89fb59786bdc30eefbb88ba6bf6
- SSDEEP: 98304:7379V+5pY31Fpj1lF2IaTI9nWRTuy31o1Ymocyb0t:n+knpjjaTw/Y1o+mDyA
Static task
- static1

Malware Config
- Extracted family: aurora
- C2: 45.9.74.11:8081
Targets
- Target: Setup.exe
- Size: 53.2MB
- MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above (same file)
Signatures
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets: possible credential harvesting.
- Suspicious use of SetThreadContext