aurora | 1bb3d1cfe99f7dcc5898431a3329c39eb6ca9d2e39072c83d469b3898c1a124f | Triage

Sharing

General

Target

2daf6321a7fb96cd0834ebd018e67dc2.exe
Size

3.0MB
Sample

230225-tf7yaadf75
MD5

2daf6321a7fb96cd0834ebd018e67dc2
SHA1

a5a919af73f94ac824ee77df9c140a3a616518e8
SHA256

1bb3d1cfe99f7dcc5898431a3329c39eb6ca9d2e39072c83d469b3898c1a124f
SHA512

210a04c1d2397acc1d199b48076c7b7d434b4cfe02e25d090b95bd4ffe9cf29a17e4d849762657f033e1bd5cf40f319122e799d30ce80ad8176715b2ac7d6450
SSDEEP

49152:5Lx3cqFBYdH3EQK1EsBgcPaVsLFA8p9u1Xk1:02YEB1LO8p

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

185.106.93.132:8081

Targets

- Target
  
  2daf6321a7fb96cd0834ebd018e67dc2.exe
- Size
  
  3.0MB
- MD5
  
  2daf6321a7fb96cd0834ebd018e67dc2
- SHA1
  
  a5a919af73f94ac824ee77df9c140a3a616518e8
- SHA256
  
  1bb3d1cfe99f7dcc5898431a3329c39eb6ca9d2e39072c83d469b3898c1a124f
- SHA512
  
  210a04c1d2397acc1d199b48076c7b7d434b4cfe02e25d090b95bd4ffe9cf29a17e4d849762657f033e1bd5cf40f319122e799d30ce80ad8176715b2ac7d6450
- SSDEEP
  
  49152:5Lx3cqFBYdH3EQK1EsBgcPaVsLFA8p9u1Xk1:02YEB1LO8p
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2