aurora | 8fb273ba752804302bb87573a297953beabe4c99c05d21c7cb4825d9fff3cd0a | Triage

Resubmissions

13-02-2023 17:02

230213-vkeyqsea7s 10

Sharing

General

Target

nvidia_win64_n1wp7ux1va.exe
Size

270.4MB
Sample

230213-vkeyqsea7s
MD5

340c6577104ffaa3f46abc51ce55018a
SHA1

8c7799428a45282dfafd342eaed5a78658915e8d
SHA256

8fb273ba752804302bb87573a297953beabe4c99c05d21c7cb4825d9fff3cd0a
SHA512

0be0d5896a77cbf6abd53fe0d98a5b0bbe2b9735e2f0f073fcf318e351f2b3ff644974936b734230a9245c420b73e3e72e8541ed18c10f6fe900c99094304f80
SSDEEP

24576:SnjHnThJPWqliJ/y0A5RC5gxRJ3dCeiS3Lsy1xAyulQbgYNGErplM1SHg3bHWrKS:KjHnThJuqS/y0cCNgk+lKoEC9z1

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

45.15.156.210:8081

Targets

- Target
  
  nvidia_win64_n1wp7ux1va.exe
- Size
  
  270.4MB
- MD5
  
  340c6577104ffaa3f46abc51ce55018a
- SHA1
  
  8c7799428a45282dfafd342eaed5a78658915e8d
- SHA256
  
  8fb273ba752804302bb87573a297953beabe4c99c05d21c7cb4825d9fff3cd0a
- SHA512
  
  0be0d5896a77cbf6abd53fe0d98a5b0bbe2b9735e2f0f073fcf318e351f2b3ff644974936b734230a9245c420b73e3e72e8541ed18c10f6fe900c99094304f80
- SSDEEP
  
  24576:SnjHnThJPWqliJ/y0A5RC5gxRJ3dCeiS3Lsy1xAyulQbgYNGErplM1SHg3bHWrKS:KjHnThJuqS/y0cCNgk+lKoEC9z1
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer

behavioral2

auroraspywarestealer