aurora | 2e5260973969192f9cc166487adb128832e22f2752b176359c51264a6e5d7faa | Triage

Sharing

General

Target

2e5260973969192f9cc166487adb128832e22f2752b176359c51264a6e5d7faa
Size

2.4MB
Sample

230315-ck8lyach5y
MD5

5343b3beaadd15a14319e4b21dc68077
SHA1

6d8b2b4c9418d882fb10ea958d5e5f281a14396b
SHA256

2e5260973969192f9cc166487adb128832e22f2752b176359c51264a6e5d7faa
SHA512

2ea3cc32b56eff42298772ac90eb26b6de98ec3c3bb183b2c1d8bbcc4c5c68877b32268b80e00ef9d4779a0c30b765f8a8bf345ef45e863b9fc2a04f5c79ab3f
SSDEEP

49152:GAE84ts1AF+Asb9wya6uAdaOebmDhEbhQzfnXIqWur2h7bwKPG9T9s:wwb9wya6uAdKmDhEbufnYVur2qKAs

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

92.119.231.161:8081

Targets

- Target
  
  2e5260973969192f9cc166487adb128832e22f2752b176359c51264a6e5d7faa
- Size
  
  2.4MB
- MD5
  
  5343b3beaadd15a14319e4b21dc68077
- SHA1
  
  6d8b2b4c9418d882fb10ea958d5e5f281a14396b
- SHA256
  
  2e5260973969192f9cc166487adb128832e22f2752b176359c51264a6e5d7faa
- SHA512
  
  2ea3cc32b56eff42298772ac90eb26b6de98ec3c3bb183b2c1d8bbcc4c5c68877b32268b80e00ef9d4779a0c30b765f8a8bf345ef45e863b9fc2a04f5c79ab3f
- SSDEEP
  
  49152:GAE84ts1AF+Asb9wya6uAdaOebmDhEbhQzfnXIqWur2h7bwKPG9T9s:wwb9wya6uAdKmDhEbufnYVur2qKAs
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer