General

  • Target

    0a5e3621601459473cddfbe8b7bd726e.bin.exe

  • Size

    4.1MB

  • Sample

    230310-mky3lsee41

  • MD5

    0a5e3621601459473cddfbe8b7bd726e

  • SHA1

    5f523a4914d97afc60831c09ae0386ee32dfc168

  • SHA256

    4326de37d417a1630375ac12b7321bbe4deb68b98d0ccf64d46f5c5029c86b73

  • SHA512

    05ec96d03d37be57918d5cf138b6dc082c339cfc266e992d2acde6d1a80e8874f9e1fbcc3b4646e078a39a1bdd17c892c7da06c5799ee59086d976228ae8fa3b

  • SSDEEP

    98304:riau1Bt4TN4vTekNM7k3v7GfdJPonfOmD:eaSI4vikNyk3v0dJAffD

Score
10/10

Malware Config

Extracted

Family

aurora

C2

82.115.223.135:8081

Targets

    • Target

      0a5e3621601459473cddfbe8b7bd726e.bin.exe

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1
