aurora | eb94f26dac1f7c898651fbb8e301bbff8633614a561359ac7bca7a58e358ac58 | Triage

Sharing

General

Target

Setup.exe
Size

10.4MB
Sample

230216-x8nxnabd63
MD5

3a074786e039c85614cef159998f0b6a
SHA1

1d84450186359d35ce582aefce6fe72c5995737d
SHA256

eb94f26dac1f7c898651fbb8e301bbff8633614a561359ac7bca7a58e358ac58
SHA512

470e9036ac1754d9406063999649c490a4d99002723f2e9734b7eece694c0ff5b8a3898cc0f795a9a3519f817e4219a587a1700fbd0904b9fb62e26d724786d8
SSDEEP

24576:XnTBn2pOPmCliE/y0AB0CWB3a9OKHwVXXylBTSViHzcqjn3aMfIS/NDnE7kBy3z6:XTBn2pOeC//y0tC7gk+lKcTQcAz1

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

94.142.138.18:8081

Targets

- Target
  
  Setup.exe
- Size
  
  10.4MB
- MD5
  
  3a074786e039c85614cef159998f0b6a
- SHA1
  
  1d84450186359d35ce582aefce6fe72c5995737d
- SHA256
  
  eb94f26dac1f7c898651fbb8e301bbff8633614a561359ac7bca7a58e358ac58
- SHA512
  
  470e9036ac1754d9406063999649c490a4d99002723f2e9734b7eece694c0ff5b8a3898cc0f795a9a3519f817e4219a587a1700fbd0904b9fb62e26d724786d8
- SSDEEP
  
  24576:XnTBn2pOPmCliE/y0AB0CWB3a9OKHwVXXylBTSViHzcqjn3aMfIS/NDnE7kBy3z6:XTBn2pOeC//y0tC7gk+lKcTQcAz1
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

auroraspywarestealer

behavioral2

auroraspywarestealer