Overview

overview

10

Static

static

1

0a5e362160...in.exe

windows7-x64

10

0a5e362160...in.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a5e3621601459473cddfbe8b7bd726e.bin.exe

  • Size

    4.1MB

  • Sample

    230310-mky3lsee41

  • MD5

    0a5e3621601459473cddfbe8b7bd726e

  • SHA1

    5f523a4914d97afc60831c09ae0386ee32dfc168

  • SHA256

    4326de37d417a1630375ac12b7321bbe4deb68b98d0ccf64d46f5c5029c86b73

  • SHA512

    05ec96d03d37be57918d5cf138b6dc082c339cfc266e992d2acde6d1a80e8874f9e1fbcc3b4646e078a39a1bdd17c892c7da06c5799ee59086d976228ae8fa3b

  • SSDEEP

    98304:riau1Bt4TN4vTekNM7k3v7GfdJPonfOmD:eaSI4vikNyk3v0dJAffD

Score
10/10
auroraspywarestealer

Malware Config

Extracted

Family

aurora

C2

82.115.223.135:8081

Targets

    • Target

      0a5e3621601459473cddfbe8b7bd726e.bin.exe

    • Size

      4.1MB

    • MD5

      0a5e3621601459473cddfbe8b7bd726e

    • SHA1

      5f523a4914d97afc60831c09ae0386ee32dfc168

    • SHA256

      4326de37d417a1630375ac12b7321bbe4deb68b98d0ccf64d46f5c5029c86b73

    • SHA512

      05ec96d03d37be57918d5cf138b6dc082c339cfc266e992d2acde6d1a80e8874f9e1fbcc3b4646e078a39a1bdd17c892c7da06c5799ee59086d976228ae8fa3b

    • SSDEEP

      98304:riau1Bt4TN4vTekNM7k3v7GfdJPonfOmD:eaSI4vikNyk3v0dJAffD

    Score
    10/10
    auroraspywarestealer

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

      stealeraurora

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks