General

Target: 9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.zip
Size: 2.8MB
Sample: 230321-rv1fmsda7v
MD5: 4ac02ddb48c47af7142f06d448f4d269
SHA1: 5ee7d23b7f43245476032aa5a5bfad244a8351c4
SHA256: 596d6ceb355c1fba06021419bca0bbf62f02ee9d5fe859459d3bcf2b5f0ceced
SHA512: d051c9dc2d0ba338658c4b4dd610ed19fcf905c7255913ff3f275deef8fa1e3b988583b3778d0adb8262919e581acf32119bfcf2a926e7bf10edc599c01c2917
SSDEEP: 49152:2fMoMNaLgdXMGtr701MwLAlpX4BgVenlQN2o4HvV92uztDGLbFeOiVXzqnRMdjc/:2pMPmAgWX4OV+u2XdsuzR1mRMdjcyFRU
Static task: static1
Behavioral task: behavioral1
Sample: 9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.exe
Resource: win7-20230220-en

Malware Config

Extracted
Family: aurora
C2: 138.201.198.8:8081
Targets

Target: 9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.exe
Size: 5.0MB
MD5: 4f253477a36850490e31add375d9cdad
SHA1: 0bbd876a81e43746595da1b71285ef6978ceb162
SHA256: 9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf
SHA512: c3fd8354070103f423b937f0dbe8d4a1285494ea14e4a5748b4b9936d019a4b38dd65d447a3471a8ba41f21275c33800e756666c9ba450276c7cd0f7b420b8b8
SSDEEP: 98304:UJbMKqBTZlgY5FlcBfclcPi7LO049CDZe:MMKslMBfcc67LrHD8
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
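The following is an added example, not part of this sandbox report, that turns the indicators above into a small triage script: it streams a file through MD5/SHA1/SHA256 and compares the digests with the hashes listed for the archive and the dropped executable, and it scans firewall or proxy log lines for the extracted Aurora C2 endpoint 138.201.198.8:8081. The log lines in SAMPLE_LOG are constructed for illustration; the log format, the function names and the host/port matching heuristics are assumptions, not anything the report states.

```python
"""IOC matcher built from the indicators in this report (added example)."""
import hashlib
import re
import sys

# File-hash indicators copied from the report (zip archive and dropped exe).
KNOWN_HASHES = {
    "md5": {
        "4ac02ddb48c47af7142f06d448f4d269",
        "4f253477a36850490e31add375d9cdad",
    },
    "sha1": {
        "5ee7d23b7f43245476032aa5a5bfad244a8351c4",
        "0bbd876a81e43746595da1b71285ef6978ceb162",
    },
    "sha256": {
        "596d6ceb355c1fba06021419bca0bbf62f02ee9d5fe859459d3bcf2b5f0ceced",
        "9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf",
    },
}

# Extracted Aurora config from the report.
C2_HOST = "138.201.198.8"
C2_PORT = 8081


def _digest_chunks(chunks):
    """Feed an iterable of byte chunks into md5/sha1/sha256 at once."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digests of an in-memory buffer (used for small inputs and self-tests)."""
    return _digest_chunks([data])


def digest_file(path, chunk_size=1 << 20):
    """Digests of a file, read in chunks so multi-megabyte samples do not need to fit in memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_hashes(digests, known=KNOWN_HASHES):
    """Return the algorithms whose digest equals a known indicator (empty list = no match)."""
    return [alg for alg, value in digests.items() if value in known.get(alg, set())]


# Anchored so that a neighbouring address such as 138.201.198.80 is not reported.
_HOST_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?![\d.])")
_PORT_RE = re.compile(r"(?<!\d)%d(?!\d)" % C2_PORT)


def c2_hits(log_lines, require_port=True):
    """Return (line_number, line) for lines that mention the C2 host (and, by default, its port)."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        if _HOST_RE.search(line) and (not require_port or _PORT_RE.search(line)):
            hits.append((n, line))
    return hits


# Constructed log lines (assumed firewall/proxy format), not from the report.
SAMPLE_LOG = [
    "2023-03-21T14:02:11Z fw ALLOW tcp 10.0.0.23:51822 -> 138.201.198.8:8081",
    "2023-03-21T14:02:13Z fw ALLOW tcp 10.0.0.23:51823 -> 138.201.198.80:443",
    "2023-03-21T14:02:15Z fw ALLOW tcp 10.0.0.23:51824 -> 138.201.198.8:443",
    "2023-03-21T14:02:17Z proxy GET http://138.201.198.8:8081/ 10.0.0.23",
]

if __name__ == "__main__":
    # Usage: python ioc_match.py [file ...]; with no files, only the constructed log is scanned.
    for path in sys.argv[1:]:
        matched = match_hashes(digest_file(path))
        print(path, "MATCH " + ",".join(matched) if matched else "no match")
    for n, line in c2_hits(SAMPLE_LOG):
        print("C2 hit on line %d: %s" % (n, line))
```

Hash matching is exact, so a repacked or patched build of the same stealer will not match; the SSDEEP values in the report are the indicator to use for near-duplicates. Running with require_port=False catches the host on any port, which is the safer default during an investigation and the noisier one for an alert.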