aurora | 07b974442b53035b8d057a7b429c191fe71f149a698041b005ee85645a89c165 | Triage

Sharing

General

Target

07b974442b53035b8d057a7b429c191fe71f149a698041b005ee85645a89c165
Size

3.0MB
Sample

230225-17h7kaee5v
MD5

af4268c094f2a9c6e6a85f8626b9a5c7
SHA1

7d6b6083ec9081f52517cc7952dfb0c1c416e395
SHA256

07b974442b53035b8d057a7b429c191fe71f149a698041b005ee85645a89c165
SHA512

2ab2d4771841ebbeb195d21697c1708db985ae821a7ed3e2bb050c5759fbdb1e7784354fa5611e377a603a6db437e90a7258ecfcbea7703e584330b91eacac68
SSDEEP

49152:y2sQ8R/u6S/gPV4PW/vlLr8EdiITRf+EGg7dH1zaSo5hTk6k1qFG:yfQM/fSoPFNLQg1WT5Q

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

212.87.204.93:8081

Targets

- Target
  
  07b974442b53035b8d057a7b429c191fe71f149a698041b005ee85645a89c165
- Size
  
  3.0MB
- MD5
  
  af4268c094f2a9c6e6a85f8626b9a5c7
- SHA1
  
  7d6b6083ec9081f52517cc7952dfb0c1c416e395
- SHA256
  
  07b974442b53035b8d057a7b429c191fe71f149a698041b005ee85645a89c165
- SHA512
  
  2ab2d4771841ebbeb195d21697c1708db985ae821a7ed3e2bb050c5759fbdb1e7784354fa5611e377a603a6db437e90a7258ecfcbea7703e584330b91eacac68
- SSDEEP
  
  49152:y2sQ8R/u6S/gPV4PW/vlLr8EdiITRf+EGg7dH1zaSo5hTk6k1qFG:yfQM/fSoPFNLQg1WT5Q
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2