Malware Analysis Report

2024-11-30 22:57

Sample ID 230224-2a7z4abb77
Target 14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf
SHA256 14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf
Tags: aurora
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf

Threat Level: Known bad

The file 14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf was found to be: Known bad.

Malicious Activity Summary

aurora

Aurora family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-02-24 22:23

Signatures

Aurora family

aurora

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-24 22:23

Reported

2023-02-24 22:28

Platform

win7-20230220-en

Max time kernel

283s

Max time network

297s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Network

Country  Destination          Domain  Proto
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp
DE       167.235.18.89:8081   -       tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-24 22:23

Reported

2023-02-24 22:28

Platform

win10-20230220-en

Max time kernel

277s

Max time network

290s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Network

Country  Destination          Domain                        Proto
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
JP       40.74.98.194:443     -                             tcp
NL       178.79.208.1:80      -                             tcp
DE       167.235.18.89:8081   -                             tcp
US       8.8.8.8:53           73.254.224.20.in-addr.arpa    udp
US       8.8.8.8:53           9.57.101.20.in-addr.arpa      udp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp
DE       167.235.18.89:8081   -                             tcp

Files

N/A