aurora | b7318a38055034579cfb6799fd2cb264a6ef1a9f5d6952970474e4139374ef73 | Triage

Sharing

General

Target

4a39e396ddbd9c7116858b6f96a06eb2.exe
Size

1.4MB
Sample

230308-y4y3hagh22
MD5

4a39e396ddbd9c7116858b6f96a06eb2
SHA1

53d51d7c43f6af46f720025eafbf346586bfae09
SHA256

b7318a38055034579cfb6799fd2cb264a6ef1a9f5d6952970474e4139374ef73
SHA512

03984f76e2050464bc6e9269d8c488a3f7d38bdda22ced6fdcb0c43522eec1248b00772cc8510944b4856185b40883a64537fa81d7ce73e55f4271fc726dcf37
SSDEEP

24576:mFsLW3eGfYYrd+z9tEdnJkQ8D9rgf2UhxVgnj20E+3b+sC5E2B7K1X42tdYyTr6i:BLWuMrpP8D98XYqY36sCFK1I2tqu2T47

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

94.142.138.34:8081

Targets

- Target
  
  4a39e396ddbd9c7116858b6f96a06eb2.exe
- Size
  
  1.4MB
- MD5
  
  4a39e396ddbd9c7116858b6f96a06eb2
- SHA1
  
  53d51d7c43f6af46f720025eafbf346586bfae09
- SHA256
  
  b7318a38055034579cfb6799fd2cb264a6ef1a9f5d6952970474e4139374ef73
- SHA512
  
  03984f76e2050464bc6e9269d8c488a3f7d38bdda22ced6fdcb0c43522eec1248b00772cc8510944b4856185b40883a64537fa81d7ce73e55f4271fc726dcf37
- SSDEEP
  
  24576:mFsLW3eGfYYrd+z9tEdnJkQ8D9rgf2UhxVgnj20E+3b+sC5E2B7K1X42tdYyTr6i:BLWuMrpP8D98XYqY36sCFK1I2tqu2T47
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer

behavioral2

auroraspywarestealer