General

  • Target

    4a39e396ddbd9c7116858b6f96a06eb2.exe

  • Size

    1.4MB

  • Sample

    230308-y4y3hagh22

  • MD5

    4a39e396ddbd9c7116858b6f96a06eb2

  • SHA1

    53d51d7c43f6af46f720025eafbf346586bfae09

  • SHA256

    b7318a38055034579cfb6799fd2cb264a6ef1a9f5d6952970474e4139374ef73

  • SHA512

    03984f76e2050464bc6e9269d8c488a3f7d38bdda22ced6fdcb0c43522eec1248b00772cc8510944b4856185b40883a64537fa81d7ce73e55f4271fc726dcf37

  • SSDEEP

    24576:mFsLW3eGfYYrd+z9tEdnJkQ8D9rgf2UhxVgnj20E+3b+sC5E2B7K1X42tdYyTr6i:BLWuMrpP8D98XYqY36sCFK1I2tqu2T47

Score
10/10
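Before trusting any of the behaviour below, confirm that the file you hold is the file the report analysed. The following is an added example, not part of the report or of the sandbox's tooling: it computes the four digests listed above in one pass and reports any that differ. The REPORT_HASHES values are copied from the General section; the file path is supplied by the caller. The SSDEEP value is a fuzzy hash and is not checked here (compare it with the `ssdeep` tool if you need a similarity score).

```python
"""Verify that a local file matches the hashes published in the sandbox report.

Added example, not part of the report. REPORT_HASHES is copied from the page;
everything else is illustrative.
"""
import hashlib
import sys
from typing import Dict, Iterable, Tuple

# Digests exactly as listed in the report's General section.
REPORT_HASHES: Dict[str, str] = {
    "md5": "4a39e396ddbd9c7116858b6f96a06eb2",
    "sha1": "53d51d7c43f6af46f720025eafbf346586bfae09",
    "sha256": "b7318a38055034579cfb6799fd2cb264a6ef1a9f5d6952970474e4139374ef73",
    "sha512": "03984f76e2050464bc6e9269d8c488a3f7d38bdda22ced6fdcb0c43522eec1248"
              "b00772cc8510944b4856185b40883a64537fa81d7ce73e55f4271fc726dcf37",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digests([data])


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file in 1 MiB chunks so large samples need not fit in memory."""
    def reader() -> Iterable[bytes]:
        with open(path, "rb") as f:
            while True:
                chunk = f.read(chunk_size)
                if not chunk:
                    return
                yield chunk
    return digests(reader())


def mismatches(actual: Dict[str, str],
               expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Return {algorithm: (actual, expected)} for every digest that differs.

    Hex case is ignored because reports and tools disagree on it.
    An empty dict means every expected digest matched.
    """
    bad: Dict[str, Tuple[str, str]] = {}
    for name, want in expected.items():
        got = actual.get(name, "")
        if got.lower() != want.lower():
            bad[name] = (got, want)
    return bad


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} <sample-file>")
    diff = mismatches(digests_of_file(sys.argv[1]), REPORT_HASHES)
    for name, (got, want) in diff.items():
        print(f"{name}: got {got or '<missing>'}, report says {want}")
    if diff:
        sys.exit(1)
    print("all digests match the report")
```

Checking all four digests rather than MD5 alone matters here: MD5 and SHA-1 are collision-prone, and a second file sharing the MD5 of a known sample is exactly the kind of thing an adversary could arrange. The SHA-256 and SHA-512 values are the ones to pivot on.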

Malware Config

Extracted

Family

aurora

C2

94.142.138.34:8081
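The extracted C2 endpoint is the most directly actionable indicator on this page. As an added example (not part of the report, and not the sandbox's own code), the block below parses Zeek `conn.log` records and returns every connection whose responder matches the C2. The log excerpt is constructed for the example and is not real traffic; the only value taken from the page is the IP:port pair. Exact (ip, port) matches are reported separately from IP-only matches, because a hit on a different port may be unrelated traffic to shared hosting.

```python
"""Flag connections to the extracted Aurora C2 in Zeek conn.log output.

Added example, not part of the report. C2_ENDPOINTS comes from the page;
SAMPLE_CONN_LOG is constructed for illustration.
"""
from typing import Dict, Iterable, Iterator, List, Set, Tuple

# (ip, port) pairs from the extracted config.
C2_ENDPOINTS: Set[Tuple[str, int]] = {("94.142.138.34", 8081)}

# Constructed Zeek conn.log excerpt (tab-separated, with the #fields header).
SAMPLE_CONN_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\n"
    "1678291200.001\tCabc1\t10.0.0.12\t51422\t94.142.138.34\t8081\ttcp\t-\t2.1\n"
    "1678291200.104\tCabc2\t10.0.0.12\t51423\t142.250.74.78\t443\ttcp\tssl\t0.5\n"
    "1678291201.770\tCabc3\t10.0.0.31\t49201\t94.142.138.34\t443\ttcp\t-\t1.0\n"
    "1678291202.300\tCabc4\t10.0.0.44\t51999\t94.142.138.34\t8081\ttcp\t-\t9.8\n"
)


def parse_conn_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields: List[str] = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue  # other header lines (#separator, #types, ...) and blanks
        else:
            values = line.split("\t")
            if len(values) != len(fields):
                continue  # truncated or malformed record, skip rather than guess
            yield dict(zip(fields, values))


def match_c2(records: Iterable[Dict[str, str]],
             endpoints: Set[Tuple[str, int]],
             ip_only: bool = False) -> List[Dict[str, str]]:
    """Return records whose responder matches a C2 endpoint.

    With ip_only=True, connections to a C2 IP on any port are included too;
    treat those as weaker hits, since the host may be shared infrastructure.
    """
    ips = {ip for ip, _ in endpoints}
    hits: List[Dict[str, str]] = []
    for rec in records:
        resp_h = rec.get("id.resp_h", "")
        try:
            resp_p = int(rec.get("id.resp_p", ""))
        except ValueError:
            continue  # "-" or empty port field
        if (resp_h, resp_p) in endpoints or (ip_only and resp_h in ips):
            hits.append(rec)
    return hits


def c2_hits(text: str = SAMPLE_CONN_LOG,
            ip_only: bool = False) -> List[Tuple[str, str, str, str]]:
    """Compact (uid, source, dest, port) tuples for triage output."""
    return [(r["uid"], r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])
            for r in match_c2(parse_conn_log(text), C2_ENDPOINTS, ip_only)]


def affected_hosts(text: str = SAMPLE_CONN_LOG) -> List[str]:
    """Internal hosts that made an exact-match C2 connection."""
    return sorted({r["id.orig_h"]
                   for r in match_c2(parse_conn_log(text), C2_ENDPOINTS)})


if __name__ == "__main__":
    for hit in c2_hits():
        print("exact C2 match:", hit)
    print("hosts to isolate:", affected_hosts())
```

Run it against a real `conn.log` by reading the file into `c2_hits(text)`. The exact-match list is what you act on first; the `ip_only=True` list is worth a look once the confirmed hosts are contained.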

Targets

    • Target

      4a39e396ddbd9c7116858b6f96a06eb2.exe

    Score
    10/10
    • Aurora

      Aurora is an information stealer written in Go that targets cryptocurrency wallets.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile directories to harvest saved logins, cookies and autofill data; any credentials stored in browsers on an infected host should be treated as exposed.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      The sample reads local cryptocurrency wallet files, consistent with the wallet-stealing behaviour of the Aurora family.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 2 signatures

  • Collection: Data from Local System (T1005), 2 signatures

Note that these IDs follow ATT&CK v6. T1081 was retired in later versions and now corresponds to T1552.001 (Unsecured Credentials: Credentials In Files); T1005 is unchanged.
