Overview

overview

10

Static

static

1

2297fd8474...in.exe

windows7-x64

10

2297fd8474...in.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2297fd847480edf06c8349f11c9a18c4.bin.exe

  • Size

    4.1MB

  • Sample

    230306-ha7vjsad9x

  • MD5

    2297fd847480edf06c8349f11c9a18c4

  • SHA1

    d8b28b25b698a2a2cab51f62aa314836eb8a9539

  • SHA256

    5e61f677c9d9b6f3d99207aaef0ed7e97b83f7f2bcad9fa6bfe9b448211e3962

  • SHA512

    2e49ff44d4e8d3af5a4993ded4be8e84d7eae238ea57e00abb149c2548890333d787dab38dcf99f8a6e86a9d9df4197fc87a0a3789aab2f4f2bbe6cfdcd4847f

  • SSDEEP

    98304:Py1WKANUQ46n5qt8O2UpxSoovsE+7fyruJHCdd:c7Q4Yqt3bphokE+7fyCJHC

Score
10/10
auroraspywarestealer

Malware Config

Extracted

Family

aurora

C2

45.15.157.130:8081

Targets

    • Target

      2297fd847480edf06c8349f11c9a18c4.bin.exe

    • Size

      4.1MB

    • MD5

      2297fd847480edf06c8349f11c9a18c4

    • SHA1

      d8b28b25b698a2a2cab51f62aa314836eb8a9539

    • SHA256

      5e61f677c9d9b6f3d99207aaef0ed7e97b83f7f2bcad9fa6bfe9b448211e3962

    • SHA512

      2e49ff44d4e8d3af5a4993ded4be8e84d7eae238ea57e00abb149c2548890333d787dab38dcf99f8a6e86a9d9df4197fc87a0a3789aab2f4f2bbe6cfdcd4847f

    • SSDEEP

      98304:Py1WKANUQ46n5qt8O2UpxSoovsE+7fyruJHCdd:c7Q4Yqt3bphokE+7fyCJHC

    Score
    10/10
    auroraspywarestealer

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

      stealeraurora

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks