General

  • Target

    9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.zip

  • Size

    2.8MB

  • Sample

    230321-rv1fmsda7v

  • MD5

    4ac02ddb48c47af7142f06d448f4d269

  • SHA1

    5ee7d23b7f43245476032aa5a5bfad244a8351c4

  • SHA256

    596d6ceb355c1fba06021419bca0bbf62f02ee9d5fe859459d3bcf2b5f0ceced

  • SHA512

    d051c9dc2d0ba338658c4b4dd610ed19fcf905c7255913ff3f275deef8fa1e3b988583b3778d0adb8262919e581acf32119bfcf2a926e7bf10edc599c01c2917

  • SSDEEP

    49152:2fMoMNaLgdXMGtr701MwLAlpX4BgVenlQN2o4HvV92uztDGLbFeOiVXzqnRMdjc/:2pMPmAgWX4OV+u2XdsuzR1mRMdjcyFRU

Score
10/10

Malware Config

Extracted

Family

aurora

C2

138.201.198.8:8081

Targets

    • Target

      9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.exe

    • Size

      5.0MB

    • MD5

      4f253477a36850490e31add375d9cdad

    • SHA1

      0bbd876a81e43746595da1b71285ef6978ceb162

    • SHA256

      9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf

    • SHA512

      c3fd8354070103f423b937f0dbe8d4a1285494ea14e4a5748b4b9936d019a4b38dd65d447a3471a8ba41f21275c33800e756666c9ba450276c7cd0f7b420b8b8

    • SSDEEP

      98304:UJbMKqBTZlgY5FlcBfclcPi7LO049CDZe:MMKslMBfcc67LrHD8

    Score
    10/10
    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
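The indicators above turned into a small matcher, as an added example that is not part of the sandbox report: the file hashes and the extracted C2 (138.201.198.8:8081) are copied from the report, while the Zeek-style conn.log lines and the bytes hashed in the demo are constructed here for illustration. It checks a sample's digests against the report before detonation and flags flows to the C2 in connection logs, reporting an exact IP+port match separately from a same-host, different-port match.

```python
"""IOC matching for the Aurora sample in this report.

Added example, not part of the sandbox report. Hashes and the C2 endpoint are
copied from the report; the conn.log lines and the demo bytes are constructed.
"""
import hashlib
from typing import Dict, Iterable, List

# File hashes exactly as listed in the report (SHA512 omitted for brevity).
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.zip": {
        "md5": "4ac02ddb48c47af7142f06d448f4d269",
        "sha1": "5ee7d23b7f43245476032aa5a5bfad244a8351c4",
        "sha256": "596d6ceb355c1fba06021419bca0bbf62f02ee9d5fe859459d3bcf2b5f0ceced",
    },
    "9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf.exe": {
        "md5": "4f253477a36850490e31add375d9cdad",
        "sha1": "0bbd876a81e43746595da1b71285ef6978ceb162",
        "sha256": "9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf",
    },
}

# Extracted C2 from the "Malware Config" section of the report.
C2_IP = "138.201.198.8"
C2_PORT = 8081


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the report's digests (minus SHA512) for an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so large samples are not read whole."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_hashes(observed: Dict[str, str],
                 report: Dict[str, Dict[str, str]] = REPORT_HASHES) -> List[str]:
    """Return the report targets whose digests agree with the observed ones.

    A match on any one algorithm is enough: a tool may only give you MD5, and all
    listed digests describe the same bytes.
    """
    return [name for name, known in report.items()
            if any(observed.get(alg) == digest for alg, digest in known.items())]


def parse_conn_line(line: str) -> Dict[str, str]:
    """Parse the leading fields of a Zeek conn.log row (tab-separated).

    Only ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p and proto are kept.
    Header/comment lines and short rows yield an empty dict.
    """
    if line.startswith("#"):
        return {}
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return {}
    keys = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto")
    return dict(zip(keys, fields[:7]))


def find_c2_connections(lines: Iterable[str], c2_ip: str = C2_IP,
                        c2_port: int = C2_PORT) -> List[Dict[str, str]]:
    """Flag flows to the C2. IP+port is the strong signal; the same host on another
    port is reported too, since operators rotate ports more often than hosts."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if not rec or rec["resp_h"] != c2_ip:
            continue
        rec["match"] = "ip+port" if rec["resp_p"] == str(c2_port) else "ip-only"
        hits.append(rec)
    return hits


# Constructed conn.log excerpt: one beacon to the C2 port, one benign TLS flow,
# and one flow to the C2 host on a different port.
SAMPLE_CONN_LOG = [
    "\t".join(["#fields", "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto", "service"]),
    "\t".join(["1679400000.123", "CAbc1", "10.0.0.5", "51234", "138.201.198.8", "8081", "tcp", "-"]),
    "\t".join(["1679400001.456", "CAbc2", "10.0.0.5", "51235", "93.184.216.34", "443", "tcp", "ssl"]),
    "\t".join(["1679400002.789", "CAbc3", "10.0.0.7", "51236", "138.201.198.8", "443", "tcp", "ssl"]),
]


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"{hit['orig_h']} -> {hit['resp_h']}:{hit['resp_p']} ({hit['match']})")
    # Verify a sample against the report before detonating it, e.g. hash_file("sample.exe").
    print(match_hashes({"sha256": "9d46f656238d21c07a1d280b8a23171d05ae87dbb136d4c0efefa578132058cf"}))
```

Note that the archive's filename is the SHA256 of the contained executable, not of the zip itself (the zip hashes to 596d6ceb...); `match_hashes` keeps both entries so either artefact is recognised whichever one lands in your queue.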

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      ID      Count
  Credential Access   Credentials in Files           T1081   2
  Discovery           Query Registry                 T1012   1
  Discovery           System Information Discovery   T1082   2
  Collection          Data from Local System         T1005   2

  Technique IDs follow ATT&CK v6 as reported; in current ATT&CK versions T1081 has been retired and maps to T1552.001 (Unsecured Credentials: Credentials In Files).