aurora | b5c486b05ed054bf9433bbfcb3d26e02eee06243435adf105307bc0d193af4d8 | Triage

Sharing

General

Target

tmp
Size

7.5MB
Sample

230320-tx2gtsgd9y
MD5

cc1ea92ccab2960cedad3783799f56bb
SHA1

08c93ee33fc4c4486b710781da848acb259233c8
SHA256

b5c486b05ed054bf9433bbfcb3d26e02eee06243435adf105307bc0d193af4d8
SHA512

62c8b32f74e4ee0bd427c6025e51ae2b652184d5fb79ac41e0dcebc6bb1c2bebe1920f4e0edb21bbe21125fe6d0f418cfaef4b6b8dc5f5a2e0744cf560257049
SSDEEP

24576:mATqsCp2Y4QpiwrVFwPteCpZTbceUIqzjoLh+joixy//qE522wuZ3/cRDJRkAYq8:pqsCpx4RwrVaoCrgk+lK1EbMz1

Score

10^/10

aurora stealer

Malware Config

Extracted

Family

aurora

C2

94.142.138.94:8081

Targets

- Target
  
  tmp
- Size
  
  7.5MB
- MD5
  
  cc1ea92ccab2960cedad3783799f56bb
- SHA1
  
  08c93ee33fc4c4486b710781da848acb259233c8
- SHA256
  
  b5c486b05ed054bf9433bbfcb3d26e02eee06243435adf105307bc0d193af4d8
- SHA512
  
  62c8b32f74e4ee0bd427c6025e51ae2b652184d5fb79ac41e0dcebc6bb1c2bebe1920f4e0edb21bbe21125fe6d0f418cfaef4b6b8dc5f5a2e0744cf560257049
- SSDEEP
  
  24576:mATqsCp2Y4QpiwrVFwPteCpZTbceUIqzjoLh+joixy//qE522wuZ3/cRDJRkAYq8:pqsCpx4RwrVaoCrgk+lK1EbMz1
Score

10^/10

aurora stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2