aurora | dafacda4cfc0db8960891b2386b9cda1c0f521daddc8b6b8cca73fcbf12eae1b | Triage

Sharing

General

Target

ChromiumUpdater_conex.zip
Size

3.9MB
Sample

230221-yteacagc95
MD5

eb83849736ad2a73f01bf876b4662572
SHA1

f99dcf7be4cc77769e254ff2eccdb58b3277ccb4
SHA256

dafacda4cfc0db8960891b2386b9cda1c0f521daddc8b6b8cca73fcbf12eae1b
SHA512

baddbeeda1374c109e0b3633bae3e0e747f6f3fcd06bd315896e671e0d67004a3a1a5e25042c25f9fea8f8f994a75ce6497778de629371d33477c385c37217e2
SSDEEP

49152:fevcCgUtc22kiBPjwnymSEtXCDtasFVvLlGEbHatXLHYC9bMCfoMuTd5kNOaIsPJ:fevvgUtc4iB8nWUXaCqo739bg1aryro

Score

10^/10

aurora stealer

Malware Config

Extracted

Family

aurora

C2

77.91.124.12:8081

Targets

- Target
  
  ChromiumUpdater.exe
- Size
  
  800.0MB
- MD5
  
  08cdb070611396e11631d07d8edffa5e
- SHA1
  
  f335b698268881904bbe2eceb6e24354de2a08ad
- SHA256
  
  1eb1fd9face0a477e82e40f2e18cd9d305202d69f2830ecbdfe8299ba8d391b5
- SHA512
  
  6637484723ac59f09abbdc747657aa0d7271a54812a44166bbb70017de6a75c3a0568f6202df6d296ae8c94cd7715950c9976905b9072fbb66828c53ea0d3c7d
- SSDEEP
  
  49152:mtnc2azvgRILo/tSXD+xMCuBoYdo0U5LJi0UaccLLK/nz9UlT5+07+d/VJRnpHJy:YWzo+0/0XiMCCzU5LJdoMC9w407+VR9
Score

10^/10

aurora stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2