Overview

overview

10

Static

static

1

1c1ca2ed51...in.exe

windows7-x64

10

1c1ca2ed51...in.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-03-2023 15:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c1ca2ed51b39a0eaf5a1f0938c27213.bin.exe

  • Size

    3.8MB

  • MD5

    1c1ca2ed51b39a0eaf5a1f0938c27213

  • SHA1

    f1398c6185a1e01cab88c9f3d022f6cd43785b8e

  • SHA256

    c533034c68cf9b7b86b79950c132979106d33b05c2fb01f97b31c831c410f40c

  • SHA512

    d7b2b388e2948e2f3e0a2dcf1b098d1e6765ae4d9074eaa8de52da65fc046186087b6426e69a61a6e97aa07662b0918d2ff3bd59214f9d7ceb7d341d6cd4c49a

  • SSDEEP

    49152:e4OuahtPKe0hSRjxv0H0W4Gih7Il3CCJCRhHHcaQlNwQNpJjVRdu:e2rhMj90H27IFCCMNQYQNpvO

Score
10/10
aurorastealer

Malware Config

Extracted

Family

aurora

C2

82.115.223.135:8081

Signatures

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c1ca2ed51b39a0eaf5a1f0938c27213.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\1c1ca2ed51b39a0eaf5a1f0938c27213.bin.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
      2⤵
        PID:1512
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
        2⤵
          PID:4512
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
          2⤵
            PID:1988

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1988-133-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download
        • memory/1988-135-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download
        • memory/1988-136-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download
        • memory/1988-137-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download
        • memory/1988-138-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download
        • memory/1988-139-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download
        • memory/1988-140-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download
        • memory/1988-141-0x0000000000400000-0x0000000000731000-memory.dmp
          Filesize

          3.2MB

          Download