aurora | 1bb3d1cfe99f7dcc5898431a3329c39eb6ca9d2e39072c83d469b3898c1a124f | Triage

Sharing

General

Target

2daf6321a7fb96cd0834ebd018e67dc2.exe
Size

3.0MB
Sample

230225-tf7yaadf75
MD5

2daf6321a7fb96cd0834ebd018e67dc2
SHA1

a5a919af73f94ac824ee77df9c140a3a616518e8
SHA256

1bb3d1cfe99f7dcc5898431a3329c39eb6ca9d2e39072c83d469b3898c1a124f
SHA512

210a04c1d2397acc1d199b48076c7b7d434b4cfe02e25d090b95bd4ffe9cf29a17e4d849762657f033e1bd5cf40f319122e799d30ce80ad8176715b2ac7d6450
SSDEEP

49152:5Lx3cqFBYdH3EQK1EsBgcPaVsLFA8p9u1Xk1:02YEB1LO8p

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

185.106.93.132:8081

Targets

- Target
  
  2daf6321a7fb96cd0834ebd018e67dc2.exe
- Size
  
  3.0MB
- MD5
  
  2daf6321a7fb96cd0834ebd018e67dc2
- SHA1
  
  a5a919af73f94ac824ee77df9c140a3a616518e8
- SHA256
  
  1bb3d1cfe99f7dcc5898431a3329c39eb6ca9d2e39072c83d469b3898c1a124f
- SHA512
  
  210a04c1d2397acc1d199b48076c7b7d434b4cfe02e25d090b95bd4ffe9cf29a17e4d849762657f033e1bd5cf40f319122e799d30ce80ad8176715b2ac7d6450
- SSDEEP
  
  49152:5Lx3cqFBYdH3EQK1EsBgcPaVsLFA8p9u1Xk1:02YEB1LO8p
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2