Overview

overview

10

Static

static

10

459a3e9ef3...1c.exe

windows7-x64

10

459a3e9ef3...1c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    459a3e9ef30e59ff28934170719d805ee5f05c44d8bd61f4fd8ed1e70047aa1c.zip

  • Size

    4.0MB

  • Sample

    230321-rvxdzsah97

  • MD5

    07290d2634e28db9b6932d3044cde1e6

  • SHA1

    2c1c6a2bd3d29395a7ad760dc273c85c58518fdc

  • SHA256

    9e32f9f73aff5225bfeb7f1403c168e189c38f53027175b3258fbad09d441c50

  • SHA512

    94f28ec5519a78cb98b0187c769bc1d623816df6806d3f63a56bb71c81c66d68547a991ae7436acf861a4f4b0f466e24ac5a5e3d8e8b5f4235b11a5ad2e5233b

  • SSDEEP

    98304:Ym3sC0P9LGxrfz6o0COxo+htEZTUq5aNs6Hyot6:YmQP9OOTWqH5hs

Score
10/10
auroraspywarestealer

Malware Config

Extracted

Family

aurora

C2

45.84.1.87:8081

Targets

    • Target

      459a3e9ef30e59ff28934170719d805ee5f05c44d8bd61f4fd8ed1e70047aa1c.exe

    • Size

      8.1MB

    • MD5

      6a1d6f9f0d9f038b6bc64ee8d383143d

    • SHA1

      5681bfc4587c40695e99daec0c75bef7946627c8

    • SHA256

      459a3e9ef30e59ff28934170719d805ee5f05c44d8bd61f4fd8ed1e70047aa1c

    • SHA512

      b640bbf2e72cacb73c97ed9ab3848d236e46909395f41b7ca77bfb796a12e3ba193d976aaf4f28cb373528297fbd8e30fa644e2377d7797e00cd1dce0a67b1c1

    • SSDEEP

      98304:SdjxunlgScTvilUJQ38e8dR2SfX6IODGfL112bfaTl:SdjxClgSc7ilieK9X6I4GBAbfwl

    Score
    10/10
    auroraspywarestealer

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

      stealeraurora

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks