Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    7.6MB

  • Sample

    230328-jnnt9sbe2z

  • MD5

    d88be8616d9752d9c681e46825b86e56

  • SHA1

    fd93406bf2b03bf974cb0ddc39b6ec16ec3281a9

  • SHA256

    15284fa45728bfdbb95a5733f05f9d05f79a67f466bcb969df96c7bbb0460de8

  • SHA512

    7ab1e3e15fb003fcd4f41390a007fdcf13ac087d11ed713b1302fe0ca4619a4d7e0d72d3967c686293b292ccbe71e2727abcea1c1a07add51ed5d9c38a1501aa

  • SSDEEP

    196608:cCm8YwNgBccHsjGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGpxn+Qgkh2:GccMjGGGGGGGGGGGGGGGGGGGGGGGGGGo

Score
10/10
auroraspywarestealer

Malware Config

Extracted

Family

aurora

C2

45.84.1.87:8081

Targets

    • Target

      file.exe

    • Size

      7.6MB

    • MD5

      d88be8616d9752d9c681e46825b86e56

    • SHA1

      fd93406bf2b03bf974cb0ddc39b6ec16ec3281a9

    • SHA256

      15284fa45728bfdbb95a5733f05f9d05f79a67f466bcb969df96c7bbb0460de8

    • SHA512

      7ab1e3e15fb003fcd4f41390a007fdcf13ac087d11ed713b1302fe0ca4619a4d7e0d72d3967c686293b292ccbe71e2727abcea1c1a07add51ed5d9c38a1501aa

    • SSDEEP

      196608:cCm8YwNgBccHsjGGGGGGGGGGGGGGGGGGGGGGGGGGGGGGpxn+Qgkh2:GccMjGGGGGGGGGGGGGGGGGGGGGGGGGGo

    Score
    10/10
    aurorastealerspyware

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

      stealeraurora

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks