aurora | 5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449 | Triage

Sharing

General

Target

5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
Size

4.8MB
Sample

230317-wqtvhsbe2z
MD5

d442830fc92de9465d9bf425922173a5
SHA1

27eaed777470e6a9f855894b2af3c7baa1c812eb
SHA256

5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
SHA512

1ce42ab9055bf0c15f8f4b90820c8d4c74f348dc1e1833d26f55f61b671cdafee24a0777ea60a3a5cf5b297c31380a79a1a7d0568c81886f2472d265f77c7146
SSDEEP

98304:9j3/I9FTuPXPlGUi317EPTiu0ENWS5ywGDZHU:9/MF4l5GgUEMSrwU

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

138.201.198.8:8081

Targets

- Target
  
  5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
- Size
  
  4.8MB
- MD5
  
  d442830fc92de9465d9bf425922173a5
- SHA1
  
  27eaed777470e6a9f855894b2af3c7baa1c812eb
- SHA256
  
  5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
- SHA512
  
  1ce42ab9055bf0c15f8f4b90820c8d4c74f348dc1e1833d26f55f61b671cdafee24a0777ea60a3a5cf5b297c31380a79a1a7d0568c81886f2472d265f77c7146
- SSDEEP
  
  98304:9j3/I9FTuPXPlGUi317EPTiu0ENWS5ywGDZHU:9/MF4l5GgUEMSrwU
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

auroraspywarestealer