aurora | 60f5cf24370600410d431405a2af891db1e19396a73d437b33f2e9c01e9fb27e | Triage

Sharing

General

Target

tmp
Size

7.5MB
Sample

230319-qfbnasae6v
MD5

1431d295525534f244dd34a8a311b87f
SHA1

2d0d2190ed780bf8dfed135bd1d12cae53860ebe
SHA256

60f5cf24370600410d431405a2af891db1e19396a73d437b33f2e9c01e9fb27e
SHA512

dd7085d43c12c1c7d59be73e66e5797966f7310fdd40ff2979fc770fa6fb5164484661fdfa7b73f8fc7a2dac32a452683f021e56fa4b1135bbbb9d140794ee02
SSDEEP

24576:2H5qGTyaJEUcmADwRqPACrUJJiILBCR5LpWKMuy1rnwNnNQx/PEEDnpfuZWI9pIx:4qGTyMEQADwwACagk+lKo83Vz1

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

45.15.156.172:8081

Targets

- Target
  
  tmp
- Size
  
  7.5MB
- MD5
  
  1431d295525534f244dd34a8a311b87f
- SHA1
  
  2d0d2190ed780bf8dfed135bd1d12cae53860ebe
- SHA256
  
  60f5cf24370600410d431405a2af891db1e19396a73d437b33f2e9c01e9fb27e
- SHA512
  
  dd7085d43c12c1c7d59be73e66e5797966f7310fdd40ff2979fc770fa6fb5164484661fdfa7b73f8fc7a2dac32a452683f021e56fa4b1135bbbb9d140794ee02
- SSDEEP
  
  24576:2H5qGTyaJEUcmADwRqPACrUJJiILBCR5LpWKMuy1rnwNnNQx/PEEDnpfuZWI9pIx:4qGTyMEQADwwACagk+lKo83Vz1
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer

behavioral2

auroraspywarestealer