Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-02-2023 15:28

General

  • Target

    ShredderLow.exe

  • Size

    4.7MB

  • MD5

    30ab149c484e5aa6a3c091a375898240

  • SHA1

    3d5558c8ddfe63a7f32af24b8c7ce9df31d6374e

  • SHA256

    0051ed3d67989a915c8558eeb54021b5a0ff2d99ac226181a3461b2a9c50385f

  • SHA512

    fcd37dcb1fb9630966cc4bb45b87d70177457ccfde9f85d61fff6cc259752a363b7c8b17ef63238fb7f488c680ac99931171a7d4ae425bf2c74cd8a08e42925d

  • SSDEEP

    98304:m2h7pKO+6PbFmS3VjVEOeTtJaAbLECnrZXJT7:m6bFmS3VjVEOeTtJHbdnrz7

Score
10/10

Malware Config

Extracted

Family

aurora

C2

217.195.155.154:8081

Signatures

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

  • Program crash (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ShredderLow.exe
    "C:\Users\Admin\AppData\Local\Temp\ShredderLow.exe"
    1⤵
    PID:548
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 536
      2⤵
      • Program crash
      PID:4352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 560
      2⤵
      • Program crash
      PID:2224
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 580
      2⤵
      • Program crash
      PID:3572
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 608
      2⤵
      • Program crash
      PID:3832
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 548 -ip 548
    1⤵
    PID:4852
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 548 -ip 548
    1⤵
    PID:2016
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 548 -ip 548
    1⤵
    PID:1016
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 548 -ip 548
    1⤵
    PID:1968

Network

MITRE ATT&CK Matrix


Downloads

  • memory/548-133-0x0000000002630000-0x0000000002631000-memory.dmp
    Filesize: 4KB
  • memory/548-134-0x0000000003130000-0x0000000003577000-memory.dmp
    Filesize: 4.3MB
  • memory/548-135-0x0000000000400000-0x00000000008BC000-memory.dmp
    Filesize: 4.7MB
  • memory/548-138-0x0000000000400000-0x00000000008BC000-memory.dmp
    Filesize: 4.7MB
  • memory/548-140-0x0000000000400000-0x00000000008BC000-memory.dmp
    Filesize: 4.7MB
  • memory/548-142-0x0000000000400000-0x00000000008BC000-memory.dmp
    Filesize: 4.7MB
  • memory/548-144-0x0000000000400000-0x00000000008BC000-memory.dmp
    Filesize: 4.7MB
  • memory/548-146-0x0000000000400000-0x00000000008BC000-memory.dmp
    Filesize: 4.7MB