aurora | 7d8f5d965f6466e1282224bf2b39324c4f98ee39c805c89119da7ddc7a36a658 | Triage

Sharing

General

Target

7d8f5d965f6466e1282224bf2b39324c4f98ee39c805c89119da7ddc7a36a658
Size

7.0MB
Sample

230315-ck8a6sch5x
MD5

e309c8e66cb963033a3e8cc4b480f81d
SHA1

134e53048c0e8055cbb913779068f923751abd91
SHA256

7d8f5d965f6466e1282224bf2b39324c4f98ee39c805c89119da7ddc7a36a658
SHA512

1fe506e3601e0ddabe6a2c096e1e588fbf5d2fc80cab4d379121895bc1c2d64b5da8b293637420e024e35bbb75217bccc6fc99368d51c39fc6ab5199e47587a3
SSDEEP

49152:1gjtfvNrQtMX9NQz0/BtRd8F4Ji8UUr8eNp2HEqkseUJc0In5:W7rQQvQzyR84JxF8eNp2HEqksPcd

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

138.201.198.8:8081

Targets

- Target
  
  7d8f5d965f6466e1282224bf2b39324c4f98ee39c805c89119da7ddc7a36a658
- Size
  
  7.0MB
- MD5
  
  e309c8e66cb963033a3e8cc4b480f81d
- SHA1
  
  134e53048c0e8055cbb913779068f923751abd91
- SHA256
  
  7d8f5d965f6466e1282224bf2b39324c4f98ee39c805c89119da7ddc7a36a658
- SHA512
  
  1fe506e3601e0ddabe6a2c096e1e588fbf5d2fc80cab4d379121895bc1c2d64b5da8b293637420e024e35bbb75217bccc6fc99368d51c39fc6ab5199e47587a3
- SSDEEP
  
  49152:1gjtfvNrQtMX9NQz0/BtRd8F4Ji8UUr8eNp2HEqkseUJc0In5:W7rQQvQzyR84JxF8eNp2HEqksPcd
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer