Resubmissions

13-02-2023 17:02

230213-vkeyqsea7s 10

General

  • Target

    nvidia_win64_n1wp7ux1va.exe

  • Size

    270.4MB

  • Sample

    230213-vkeyqsea7s

  • MD5

    340c6577104ffaa3f46abc51ce55018a

  • SHA1

    8c7799428a45282dfafd342eaed5a78658915e8d

  • SHA256

    8fb273ba752804302bb87573a297953beabe4c99c05d21c7cb4825d9fff3cd0a

  • SHA512

    0be0d5896a77cbf6abd53fe0d98a5b0bbe2b9735e2f0f073fcf318e351f2b3ff644974936b734230a9245c420b73e3e72e8541ed18c10f6fe900c99094304f80

  • SSDEEP

    24576:SnjHnThJPWqliJ/y0A5RC5gxRJ3dCeiS3Lsy1xAyulQbgYNGErplM1SHg3bHWrKS:KjHnThJuqS/y0cCNgk+lKoEC9z1

Score
10/10

Malware Config

Extracted

Family

aurora

C2

45.15.156.210:8081

Targets

    • Target

      nvidia_win64_n1wp7ux1va.exe

    • Size

      270.4MB

    • MD5

      340c6577104ffaa3f46abc51ce55018a

    • SHA1

      8c7799428a45282dfafd342eaed5a78658915e8d

    • SHA256

      8fb273ba752804302bb87573a297953beabe4c99c05d21c7cb4825d9fff3cd0a

    • SHA512

      0be0d5896a77cbf6abd53fe0d98a5b0bbe2b9735e2f0f073fcf318e351f2b3ff644974936b734230a9245c420b73e3e72e8541ed18c10f6fe900c99094304f80

    • SSDEEP

      24576:SnjHnThJPWqliJ/y0A5RC5gxRJ3dCeiS3Lsy1xAyulQbgYNGErplM1SHg3bHWrKS:KjHnThJuqS/y0cCNgk+lKoEC9z1

    Score
    10/10
    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks