aurora | 9e82f4feac500f219662c11c5036343cccd46f8ff3133f6ff2dfddf2f3946270 | Triage

Sharing

General

Target

60f5cf24370600410d431405a2af891db1e19396a73d437b33f2e9c01e9fb27e.zip
Size

4.1MB
Sample

230321-rvz5wada7t
MD5

36b2cdb4643c543d23649d83ed4a7b71
SHA1

328d53f2c0b83cd8e092f761aa935119a4dcf781
SHA256

9e82f4feac500f219662c11c5036343cccd46f8ff3133f6ff2dfddf2f3946270
SHA512

0924747f9b5f526612729c25bbc624f7319ad74e638e197d3937caaea1e618c68e73551e5d989be13b01bcb47dd5f01db42a546ddeec04889528454ffea630f1
SSDEEP

98304:0s5ZIOn/hUNjXqy7mmUTgpTw+u2gg7k1AtNseIdIpr5knF:t5vZQBKPk1wLgrXstorqnF

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

45.15.156.172:8081

Targets

- Target
  
  60f5cf24370600410d431405a2af891db1e19396a73d437b33f2e9c01e9fb27e.exe
- Size
  
  7.5MB
- MD5
  
  1431d295525534f244dd34a8a311b87f
- SHA1
  
  2d0d2190ed780bf8dfed135bd1d12cae53860ebe
- SHA256
  
  60f5cf24370600410d431405a2af891db1e19396a73d437b33f2e9c01e9fb27e
- SHA512
  
  dd7085d43c12c1c7d59be73e66e5797966f7310fdd40ff2979fc770fa6fb5164484661fdfa7b73f8fc7a2dac32a452683f021e56fa4b1135bbbb9d140794ee02
- SSDEEP
  
  24576:2H5qGTyaJEUcmADwRqPACrUJJiILBCR5LpWKMuy1rnwNnNQx/PEEDnpfuZWI9pIx:4qGTyMEQADwwACagk+lKo83Vz1
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer

behavioral2

auroraspywarestealer