aurora | c08b7e5a6a4929a249386bce2af53bf522dd9a529f4f082088616c2d6041ce32 | Triage

Sharing

General

Target

c08b7e5a6a4929a249386bce2af53bf522dd9a529f4f082088616c2d6041ce32
Size

3.1MB
Sample

230402-z4qa2aag27
MD5

2b6319f8e8c87f1780f050151a422a1d
SHA1

4045039a1901a461d67614f99ec89e1121dee982
SHA256

c08b7e5a6a4929a249386bce2af53bf522dd9a529f4f082088616c2d6041ce32
SHA512

b18f8ac5d2139df50c9e310168269e40d201768147265985a487289c122499780a9d200833de2293c66d1e1eec0eb153ecc5d3d21f420977f79f7d0d827b96bc
SSDEEP

49152:GlAh6SL79HCOcWXS+jk1Jdf5k6N21D5MHMMta+SLv6k1sry/:GaQ+7lUqS+jwtSIry/

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

141.98.6.253:8081

Targets

- Target
  
  c08b7e5a6a4929a249386bce2af53bf522dd9a529f4f082088616c2d6041ce32
- Size
  
  3.1MB
- MD5
  
  2b6319f8e8c87f1780f050151a422a1d
- SHA1
  
  4045039a1901a461d67614f99ec89e1121dee982
- SHA256
  
  c08b7e5a6a4929a249386bce2af53bf522dd9a529f4f082088616c2d6041ce32
- SHA512
  
  b18f8ac5d2139df50c9e310168269e40d201768147265985a487289c122499780a9d200833de2293c66d1e1eec0eb153ecc5d3d21f420977f79f7d0d827b96bc
- SSDEEP
  
  49152:GlAh6SL79HCOcWXS+jk1Jdf5k6N21D5MHMMta+SLv6k1sry/:GaQ+7lUqS+jwtSIry/
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1