aurora | de6a505d15313427ffff2dff04ab85cf7d2d387f3ffa43bce0e4a74beaf110e1 | Triage

Sharing

General

Target

tmp
Size

3.4MB
Sample

230305-psfx4sgd79
MD5

c1e0847bb381373f3206d346cbe36048
SHA1

7ca2f998482d8d9617844547423ec84f9471fbbd
SHA256

de6a505d15313427ffff2dff04ab85cf7d2d387f3ffa43bce0e4a74beaf110e1
SHA512

a96c287b191431693a60903426a211786dcc28962ef0c7e1b749f047d67a4fb9b9a54b89f55d287e0a7ea33d6279745fd0b1b6b2ec7a2d08cdd3f1b6730e35c3
SSDEEP

49152:VoXYiVIj11zpXVLuuK/wRPBU0aD5EjN9aLDdIHNm7Gplk1oG:VobypXO7EKLRItmKG

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

94.142.138.71:35774

Targets

- Target
  
  tmp
- Size
  
  3.4MB
- MD5
  
  c1e0847bb381373f3206d346cbe36048
- SHA1
  
  7ca2f998482d8d9617844547423ec84f9471fbbd
- SHA256
  
  de6a505d15313427ffff2dff04ab85cf7d2d387f3ffa43bce0e4a74beaf110e1
- SHA512
  
  a96c287b191431693a60903426a211786dcc28962ef0c7e1b749f047d67a4fb9b9a54b89f55d287e0a7ea33d6279745fd0b1b6b2ec7a2d08cdd3f1b6730e35c3
- SSDEEP
  
  49152:VoXYiVIj11zpXVLuuK/wRPBU0aD5EjN9aLDdIHNm7Gplk1oG:VobypXO7EKLRItmKG
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2