aurora | e3dabeeca4921d902294c2d52711010848aa9a253f4c27b6c4ff986be6d5d9fe | Triage

Submit
Reports

Overview

overview

Static

static

9e83c3a822...bc.exe

windows7-x64

9e83c3a822...bc.exe

windows10-2004-x64

Sharing

General

Target

e38edcf41b7b13dc8837e030774cf083.bin
Size

4.1MB
Sample

230327-cr6qxsbc48
MD5

41da22eef52abe3cea9abb99026c8c54
SHA1

aa9f79c22fb0d59be6ffd3b3fd3cf8c29a161f99
SHA256

e3dabeeca4921d902294c2d52711010848aa9a253f4c27b6c4ff986be6d5d9fe
SHA512

bc904263c91a89de0a4a349153ad2eeb47b4e472a7561fea118b6291cf9e4d4c232bf56da9c220cbc313a6e6c4dd951e40af57e36e4a397319e8f7c4ee35314e
SSDEEP

98304:FeXZ+zKVFq+elD0CcY9pWDxAoNy7mNUHAKObwp5h7IgQ:csmrq+cgkjW9YiNLbwp5JFQ

Score

10^/10

aurora stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9e83c3a822bc5253e9b5047fd2ee19abce885852db7afcb70d9b76fc470f69bc.exe

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e83c3a822bc5253e9b5047fd2ee19abce885852db7afcb70d9b76fc470f69bc.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

aurora

C2

94.142.138.215:8081

Targets

- Target
  
  9e83c3a822bc5253e9b5047fd2ee19abce885852db7afcb70d9b76fc470f69bc.exe
- Size
  
  9.6MB
- MD5
  
  e38edcf41b7b13dc8837e030774cf083
- SHA1
  
  1ed5f18fbc105fd177129f594d63e3297654acff
- SHA256
  
  9e83c3a822bc5253e9b5047fd2ee19abce885852db7afcb70d9b76fc470f69bc
- SHA512
  
  17021db0c40c5068c1df61e3682cd967fec74a76e661d5967b3950d2a0f2a3a64ea15abcfd21b89223fb541d3561172a0dbdcc2a63694996518e0fde8ced1080
- SSDEEP
  
  196608:JGujuxvOMsHXVCFzaixl/CcHsjGGGGGGGGGGGGGGGGGGGGGGGGGGGGGG:JXdP3VC9CcMjGGGGGGGGGGGGGGGGGGGi
Score

10^/10

aurora stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy