aurora | 5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449 | Triage

Sharing

General

Target

5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
Size

4.8MB
Sample

230317-wqtvhsbe2z
MD5

d442830fc92de9465d9bf425922173a5
SHA1

27eaed777470e6a9f855894b2af3c7baa1c812eb
SHA256

5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
SHA512

1ce42ab9055bf0c15f8f4b90820c8d4c74f348dc1e1833d26f55f61b671cdafee24a0777ea60a3a5cf5b297c31380a79a1a7d0568c81886f2472d265f77c7146
SSDEEP

98304:9j3/I9FTuPXPlGUi317EPTiu0ENWS5ywGDZHU:9/MF4l5GgUEMSrwU

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

138.201.198.8:8081

Targets

- Target
  
  5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
- Size
  
  4.8MB
- MD5
  
  d442830fc92de9465d9bf425922173a5
- SHA1
  
  27eaed777470e6a9f855894b2af3c7baa1c812eb
- SHA256
  
  5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
- SHA512
  
  1ce42ab9055bf0c15f8f4b90820c8d4c74f348dc1e1833d26f55f61b671cdafee24a0777ea60a3a5cf5b297c31380a79a1a7d0568c81886f2472d265f77c7146
- SSDEEP
  
  98304:9j3/I9FTuPXPlGUi317EPTiu0ENWS5ywGDZHU:9/MF4l5GgUEMSrwU
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer