aurora | 85b1db4b9ec3fec1711a200175bf0244f5148128ae2f984154cd0029926df816 | Triage

Sharing

General

Target

5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449.zip
Size

4.4MB
Sample

230321-rvzt4sda7s
MD5

1328ea482d08aa91e9ed70740e55e53b
SHA1

ff4d82cac91ae17def6ae568c470aab8fc874557
SHA256

85b1db4b9ec3fec1711a200175bf0244f5148128ae2f984154cd0029926df816
SHA512

d9fdab1759fcce716f434cd41586ccbd058ab38ec797e596477ace8dbbb3ec01958a2d5487fd43b8f6f123a8f3a977f3339cfe7e0f20c91bb6ce3085f61b54c8
SSDEEP

98304:qh0OFeo9G9W6uKbrF0lB4Of+//X2kki4CE3YF6FD+no3Ulf:a4D4YrF0lvf+/lkitq+n/f

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

138.201.198.8:8081

Targets

- Target
  
  5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449.exe
- Size
  
  4.8MB
- MD5
  
  d442830fc92de9465d9bf425922173a5
- SHA1
  
  27eaed777470e6a9f855894b2af3c7baa1c812eb
- SHA256
  
  5892a93d287a1e4bd97fb09b79b6e2af5643103511f3678c8212ec803ff3b449
- SHA512
  
  1ce42ab9055bf0c15f8f4b90820c8d4c74f348dc1e1833d26f55f61b671cdafee24a0777ea60a3a5cf5b297c31380a79a1a7d0568c81886f2472d265f77c7146
- SSDEEP
  
  98304:9j3/I9FTuPXPlGUi317EPTiu0ENWS5ywGDZHU:9/MF4l5GgUEMSrwU
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer

behavioral2

auroraspywarestealer