General

Target: java_win64_n1wp7ux1va.zip
Size: 6.0MB
Sample: 230215-h683gsac8w
MD5: 87a4ab8a77ea800305e47ebdfc5db7ab
SHA1: b857d253ffb680f470fa67602873d348e4de27ef
SHA256: 1136c9de55d2b906975ee695b073bb214e464f619d3ec0c4d2629ebd75a73485
SHA512: 02f345147eec3e754d50d78fe7b46a5b912fe09bca964c54349cd2b0185c29a2cd7eff7a729b401c7746f640d0b1bfbdb4cf3d4fb85848feee02d0caa71c5b17
SSDEEP: 98304:Lngh7MfXqskWDOt0pX+xmNtv6fyX8b8L9JcZ7Zxfti64qD8aKHo78C:RXqKDOt0pX+Ev6fc8bQcNQ6rJ7J
Static task
static1

Behavioral task
behavioral1
Sample: java_win64_n1wp7ux1va.exe
Resource: win7-20221111-en

Behavioral task
behavioral2
Sample: java_win64_n1wp7ux1va.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
Family: aurora
C2: 45.15.156.210:8081
Targets

Target: java_win64_n1wp7ux1va.exe
Size: 270.4MB (the 6.0MB archive above expands to this 270.4MB executable, so the bulk of the file is highly compressible filler rather than code or data)
MD5: 340c6577104ffaa3f46abc51ce55018a
SHA1: 8c7799428a45282dfafd342eaed5a78658915e8d
SHA256: 8fb273ba752804302bb87573a297953beabe4c99c05d21c7cb4825d9fff3cd0a
SHA512: 0be0d5896a77cbf6abd53fe0d98a5b0bbe2b9735e2f0f073fcf318e351f2b3ff644974936b734230a9245c420b73e3e72e8541ed18c10f6fe900c99094304f80
SSDEEP: 24576:SnjHnThJPWqliJ/y0A5RC5gxRJ3dCeiS3Lsy1xAyulQbgYNGErplM1SHg3bHWrKS:KjHnThJuqS/y0cCNgk+lKoEC9z1
Score: 10/10

Signatures
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext
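As an added example, not part of the sandbox report, the following Python script turns the indicators above into something a responder can run: it hashes a file with the algorithms the report lists, checks the digests against the reported values for both the archive and the extracted executable, and scans proxy/firewall log lines for contact with the extracted Aurora C2 endpoint. The log lines, source addresses and timestamps are constructed for the demonstration; the hashes and the C2 address are the ones from the report.

```python
import hashlib
import re

# Indicators copied from the report: the archive and the executable it contains.
REPORTED_HASHES = {
    "java_win64_n1wp7ux1va.zip": {
        "md5": "87a4ab8a77ea800305e47ebdfc5db7ab",
        "sha1": "b857d253ffb680f470fa67602873d348e4de27ef",
        "sha256": "1136c9de55d2b906975ee695b073bb214e464f619d3ec0c4d2629ebd75a73485",
    },
    "java_win64_n1wp7ux1va.exe": {
        "md5": "340c6577104ffaa3f46abc51ce55018a",
        "sha1": "8c7799428a45282dfafd342eaed5a78658915e8d",
        "sha256": "8fb273ba752804302bb87573a297953beabe4c99c05d21c7cb4825d9fff3cd0a",
    },
}

# Extracted Aurora config from the report: C2 host and port.
C2_HOST = "45.15.156.210"
C2_PORT = 8081

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all three hashes in one pass.

    The extracted executable is 270 MB, so the file is read in chunks instead
    of being loaded into memory with a single read().
    """
    hashes = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as f:
        while block := f.read(chunk):
            for h in hashes.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashes.items()}


def match_known_sample(digests: dict):
    """Return the report target whose hashes match, or None.

    Every listed algorithm must agree; a single matching digest is not
    treated as a hit.
    """
    for name, expected in REPORTED_HASHES.items():
        if all(digests.get(alg) == value for alg, value in expected.items()):
            return name
    return None


# Constructed proxy log lines (not from the report). Line 2 is the C2 contact;
# line 3 is a near-miss address and line 4 the C2 host on a different port.
SAMPLE_LOG = """\
2023-02-15T08:41:02Z src=10.0.0.17 dst=142.250.74.78 dport=443 action=allow
2023-02-15T08:41:09Z src=10.0.0.17 dst=45.15.156.210 dport=8081 action=allow
2023-02-15T08:41:11Z src=10.0.0.17 dst=45.15.156.2 dport=8081 action=allow
2023-02-15T08:42:30Z src=10.0.0.23 dst=45.15.156.210 dport=443 action=allow
"""

LOG_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def find_c2_hits(log_text: str, host: str = C2_HOST, port: int = C2_PORT):
    """Return (src, line) for each line whose destination is exactly host:port.

    Fields are compared whole rather than by substring, so 45.15.156.2 does
    not match 45.15.156.210.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and m.group(2) == host and int(m.group(3)) == port:
            hits.append((m.group(1), line))
    return hits


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        print(path, match_known_sample(hash_file(path)) or "no match")
    for src, line in find_c2_hits(SAMPLE_LOG):
        print("C2 contact from", src, "->", line)
```

Run it with one or more file paths to compare them against the report's hashes; the log scan runs over the constructed lines regardless. The scanner requires both host and port to match; to flag any traffic to the C2 host (the fourth constructed line, on port 443, is deliberately not a hit), drop the port comparison.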