General
-
Target
4f253477a36850490e31add375d9cdad.bin
-
Size
2.8MB
-
Sample
230317-h84wjseg77
-
MD5
716670fc9717e4d8b24393fec05a9a37
-
SHA1
70dd9dcd3c05451e87ee19dd2c6c75cac2bd55ba
-
SHA256
f53bce6c33dbf7a2709fe37d2bd85b7b04c39fb8b718926f151a314cbdb231b0
-
SHA512
d83600f90bc6ef1ac0c61b9821c3aed2f039485ca08206616fc2156668a36c699e03b98ce9c7b50cdbdda4f8c97b5f730cd1f26c0c2e57aeac7344b5f9d0531a
-
SSDEEP
49152:Zeks8dW42rSM4eY6tOXqLy89FhKvCY/r5qRXkhrlyxl6sZD2i5Z1SOKVhv6tDzD:u8IhF4eYgLb9Fu7jw12i5jSOshSxD
Malware Config
Extracted
aurora
138.201.198.8:8081
Targets
-
-
Target
9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.exe
-
Size
5.0MB
-
MD5
4f253477a36850490e31add375d9cdad
-
SHA1
0bbd876a81e43746595da1b71285ef6978ceb162
-
SHA256
9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf
-
SHA512
c3fd8354070103f423b937f0dbe8d4a1285494ea14e4a5748b4b9936d019a4b38dd65d447a3471a8ba41f21275c33800e756666c9ba450276c7cd0f7b420b8b8
-
SSDEEP
98304:UJbMKqBTZlgY5FlcBfclcPi7LO049CDZe:MMKslMBfcc67LrHD8
Score10/10-
Aurora
Aurora is a crypto wallet stealer written in Golang.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-