General

  • Target

    ChromiumUpdater_anc.zip

  • Size

    3.9MB

  • Sample

    230212-1bqa1agf99

  • MD5

    d34d733883e631e50db570ac572121b6

  • SHA1

    f3c71d37a08f80df3ea244ce4314ed5acc846966

  • SHA256

    ae69566c8b3858d0fd85ae4f557496d37635e85766a73364c216fd016b1a629b

  • SHA512

    a3e66ec16aa21272f3a55a567c4d92c3c27d1f9cbd7e213bb9be20e47aeba87f81ec568c5af736aa9a0c9869f7819d4eb3581b8b0a2af69a6df12b4388f9dc73

  • SSDEEP

    49152:nnfmQWBr69TnlnUD3RAbAK5EOs3XIKBYtQkv0lC/ecUxxs4xSbxXyOFTIxFx37V0:nfm+9ToBAbA2DKBYTjUrxSbEk0Ba

Score
10/10

Malware Config

Extracted

Family

aurora

C2

77.91.124.12:8081

Targets

    • Target

      ChromiumUpdater.exe

    • Size

      800.0MB

    • MD5

      4759d92bc924fff17c8af295321b1346

    • SHA1

      bf4b05686eeb296c70fe6cfb689b72fb40e18d45

    • SHA256

      450dfb6bec914855d68143fa08441576791e36d71095bc03396872f06afa5bb4

    • SHA512

      ee8aa1642c8f513b8f27de36ccb5675da6fad2b21c5fdcafc694ca448dd772beb706a207bd8def4777aefead2714447cf4ba2a0d0da1fd54016b4cfcbfe60adc

    • SSDEEP

      98304:lIBlLuskWkkWOcSuegvAePXsFXOWHOC61fhsOC:l2lL7cBnvAePsFegOn1fhzC

    Score
    10/10
    • Aurora

      Aurora is an information stealer written in Go that targets cryptocurrency wallets and stored browser data.

    • Checks BIOS information in registry

      Malware commonly reads the BIOS manufacturer and product strings from the registry (HKLM\HARDWARE\DESCRIPTION\System\BIOS) to recognise virtual machines and sandboxes before running its payload.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest browser profile stores such as saved credentials, cookies, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
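
The three behavioural signatures above can be reproduced from a process's registry and file-access trace. The following is an added example, not part of this report or of the sandbox's own rule set: it tags a constructed trace (format kind|target|detail, invented here) with the same signature names. The registry key and the browser and wallet path patterns are common real-world locations, but the sample events are constructed and the path lists are illustrative, not exhaustive.

```python
"""Tag sandbox-style behavioural signatures from a process's registry and
file-access trace.

Added example: not part of the report above or of the sandbox's own rules.
The trace format (kind|target|detail) and the sample events are constructed
here for illustration.
"""
import re

# HKLM\HARDWARE\DESCRIPTION\System\BIOS holds SystemManufacturer and
# SystemProductName, which expose VMware/VirtualBox/QEMU hosts; reading it is
# a common virtual-machine / sandbox check.
BIOS_KEY = re.compile(r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS", re.I)

# Chromium- and Gecko-based profile stores holding saved credentials, cookies
# and autofill data (illustrative subset).
BROWSER_PATHS = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\"
    r"|\\Mozilla\\Firefox\\Profiles\\",
    re.I,
)

# Desktop wallet data directories and files (illustrative subset).
WALLET_PATHS = re.compile(
    r"\\(Exodus|Electrum|Ethereum\\keystore|atomic|Bitcoin\\wallets)\\"
    r"|\\wallet\.dat$",
    re.I,
)

SIG_BIOS = "Checks BIOS information in registry"
SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_WALLET = "Accesses cryptocurrency files/wallets, possible credential harvesting"


def classify_event(kind, target):
    """Map one trace event to a signature name, or None if it is benign."""
    if kind.startswith("Reg") and BIOS_KEY.search(target):
        return SIG_BIOS
    if kind.startswith("File"):
        if BROWSER_PATHS.search(target):
            return SIG_BROWSER
        if WALLET_PATHS.search(target):
            return SIG_WALLET
    return None


def tag_trace(lines):
    """Return the sorted list of distinct signatures matched by a whole trace.

    Each line is 'kind|target|detail'; malformed lines are skipped.
    """
    hits = set()
    for line in lines:
        parts = line.split("|", 2)
        if len(parts) < 2:
            continue
        sig = classify_event(parts[0].strip(), parts[1].strip())
        if sig:
            hits.add(sig)
    return sorted(hits)


# Constructed trace: two BIOS value reads, Chrome and Firefox credential
# stores, an Exodus wallet file, and two benign accesses that must not match.
SAMPLE_TRACE = [
    "RegQueryValue|HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS|SystemManufacturer",
    "RegQueryValue|HKLM\\HARDWARE\\DESCRIPTION\\System\\BIOS|SystemProductName",
    "FileRead|C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data|",
    "FileRead|C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json|",
    "FileRead|C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco|",
    "FileRead|C:\\Windows\\System32\\kernel32.dll|",
    "RegQueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|",
]

if __name__ == "__main__":
    for sig in tag_trace(SAMPLE_TRACE):
        print(sig)
```

Run against the constructed trace it reports all three signatures listed above and ignores the kernel32.dll and Run-key accesses; a real detector would source the events from a sandbox API log or Sysmon (Event IDs 11 and 13) rather than a hand-built list.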

MITRE ATT&CK Enterprise v6

Tasks