aurora | 27eb65438c793262b993bb2a42ff308e13631a82b6b6639c4fce0cfa1a02f87c | Triage

Sharing

General

Target

ce117b0b7aff5bf55822e7e879b76fe9.bin
Size

1.2MB
Sample

230327-cntxysdc2w
MD5

fb5d942ede8bd9c85c6ba8f8e6e87bed
SHA1

4fdc32e0588f65526c4878be4e75dbbe1bd6c2e3
SHA256

27eb65438c793262b993bb2a42ff308e13631a82b6b6639c4fce0cfa1a02f87c
SHA512

7912cd719373eafb2707ec229cc72957571b9489ef0cbccb8252c567dff2db32a087f48e1123910754a16a5d3344ca74775f951743c14cf830be0cd1e9d6564c
SSDEEP

24576:tIXt8Ma0iahnD4OXfWAdmvfKvVJnSyGkQD2rSCa1Y3X:tU8MaHunHfd7J1mCumX

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

212.87.204.93:8081

Targets

- Target
  
  28f76833c4943138b2a119a8a66b65aff15b7b91b331865ac21b523fdca0f7f7.exe
- Size
  
  3.1MB
- MD5
  
  ce117b0b7aff5bf55822e7e879b76fe9
- SHA1
  
  95ae4fb73efc7d9fcdd05664ac458787c8280a06
- SHA256
  
  28f76833c4943138b2a119a8a66b65aff15b7b91b331865ac21b523fdca0f7f7
- SHA512
  
  90bb0f400822e97bde74bf8f62d67235c948d355e86b21c508f61b793dc9fd5d0444308d947b661e0d51de42f4a93e8cbb1646193db66cd3c5210a385c0ca6e3
- SSDEEP
  
  49152:ARxujKxS2EuSIYkgSc71bdf5k6N21D5MwICiaiSLE6k1/lRA:ARM282P2jScBbS2lRA
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2