Analysis
-
max time kernel
56s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
26-02-2023 09:19
General
-
Target
innosetup-6.2.1.exe
-
Size
807.4MB
-
MD5
0257fe004e87f99031fde2dcbec1f727
-
SHA1
e00a5c6d34d7bc6e9d663b88230d86de16abc8a1
-
SHA256
d5bb2d356876be75ddc3a2c26172acd352dac04c9b49eea6695b05b9ddba7495
-
SHA512
b6d81b126b39bb2eb3829eda0fc00eff25900c965a3a046cef63bf14f102c5480cff4c31482d93e63ae4779c73087f4541e8092597b85e73bb49973c3cfc412b
-
SSDEEP
24576:x94s6V9vqyQT0iAw7vyc6CD8aH465hV27+TYF5otaz4ihmfg0dGRX8N1f+2b39Yh:x9h6V9vq/AwryFCJCh1z1
Score
10/10
Malware Config
Extracted
Family
aurora
C2
94.142.138.71:8081
Signatures
-
Aurora
Aurora is a crypto wallet stealer written in Golang.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\innosetup-6.2.1.exe"C:\Users\Admin\AppData\Local\Temp\innosetup-6.2.1.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\innosetup-6.2.1.exe"C:\Users\Admin\AppData\Local\Temp\innosetup-6.2.1.exe"2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1028-133-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB
-
memory/1028-139-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB
-
memory/1028-145-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB
-
memory/1028-146-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB
-
memory/1028-147-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB
-
memory/1028-148-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB
-
memory/1028-149-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB
-
memory/1028-150-0x0000000000EA0000-0x00000000011FD000-memory.dmpFilesize
3.4MB