aurora | 48392e0c0969580a9eaa9fa882b543b319ea08e6492d3a6819bc0c5b64d78396 | Triage

Sharing

General

Target

file.exe
Size

4.4MB
Sample

230308-qv874sdh9y
MD5

15d1bdb5f6e3267b936b401485897479
SHA1

f9f1c88d6d1e929a42c15dc3c0c0afefbe42544d
SHA256

48392e0c0969580a9eaa9fa882b543b319ea08e6492d3a6819bc0c5b64d78396
SHA512

e941ad9a9fddf0dd4a0d3d0bd2b02f55e2a3361de6ce9bcc674e4bb33d82c59a4519e5cf2d90e2d422ab3f860247a8c78abd715b3ceaecbc5b013be0e42812ac
SSDEEP

49152:C2sQ8R/u6S/gPV4PW/vlLr8EdiITRf+EGg7dH1CaSo5qTk6k1lFAw8A7/eFwjDr9:CfQM/fSoPFNLQg1UTOWw8a0cDAOn

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

212.87.204.93:8081

Targets

- Target
  
  file.exe
- Size
  
  4.4MB
- MD5
  
  15d1bdb5f6e3267b936b401485897479
- SHA1
  
  f9f1c88d6d1e929a42c15dc3c0c0afefbe42544d
- SHA256
  
  48392e0c0969580a9eaa9fa882b543b319ea08e6492d3a6819bc0c5b64d78396
- SHA512
  
  e941ad9a9fddf0dd4a0d3d0bd2b02f55e2a3361de6ce9bcc674e4bb33d82c59a4519e5cf2d90e2d422ab3f860247a8c78abd715b3ceaecbc5b013be0e42812ac
- SSDEEP
  
  49152:C2sQ8R/u6S/gPV4PW/vlLr8EdiITRf+EGg7dH1CaSo5qTk6k1lFAw8A7/eFwjDr9:CfQM/fSoPFNLQg1UTOWw8a0cDAOn
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2