Malware Analysis Report

2024-11-30 23:15

Sample ID 230225-fkekmsca2t
Target 14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf
SHA256 14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf
Tags: aurora
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: 14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf

Threat Level: Known bad

The file 14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf was found to be: Known bad.

Malicious Activity Summary

aurora

Aurora family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-02-25 04:55

Signatures

Aurora family

aurora

Analysis: behavioral2

Detonation Overview

Submitted: 2023-02-25 04:55
Reported: 2023-02-25 05:00
Platform: win10-20230220-en
Max time kernel: 278s
Max time network: 290s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Network

Country  Destination          Domain                           Proto
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
US       20.189.173.1:443     -                                tcp
US       93.184.221.240:80    -                                tcp
DE       167.235.18.89:8081   -                                tcp
US       8.8.8.8:53           203.151.224.20.in-addr.arpa      udp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp
DE       167.235.18.89:8081   -                                tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-02-25 04:55
Reported: 2023-02-25 05:00
Platform: win7-20230220-en
Max time kernel: 284s
Max time network: 300s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe

"C:\Users\Admin\AppData\Local\Temp\14711577406a5d442440b680200c3e2837cdbefe8416f0b50a98849d602b04cf.exe"

Network

Country  Destination          Domain    Proto
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp
DE       167.235.18.89:8081   -         tcp

Files

N/A