aurora | fb0c637754e3546971be2c4ba4aa9e63f54948421c751b74e748f1fb3bbae955 | Triage

Submit
Reports

Overview

overview

Static

static

1

C4Loader.exe

windows7-x64

C4Loader.exe

windows10-2004-x64

Sharing

General

Target

C4Loader.exe
Size

855KB
Sample

230404-ntdnpsef44
MD5

c5da2ceab187e9312e30ada95a65b7df
SHA1

d79c14118f6a767447da7bb25c752fa5861be201
SHA256

fb0c637754e3546971be2c4ba4aa9e63f54948421c751b74e748f1fb3bbae955
SHA512

e4bb03aaaeef87a774787a03554559cda2c0d14495ad8fc9e7728d702819562f7975cabfc713625a83cb167da3b377a80e12674a28932d7da650a78403468c3e
SSDEEP

3072:/gtlYTIQ2Y0A2Zf4DGrHUNc8z44jcK1Y3Vmirw:IvQ25A/i4jwK1YJ8

Score

10^/10

aurora evasion stealer

Static task

static1

Behavioral task

behavioral1

Sample

C4Loader.exe

Resource

win7-20230220-en

aurora evasion stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

C4Loader.exe

Resource

win10v2004-20230220-en

aurora evasion stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

aurora

C2

107.182.129.73:8081

Targets

- Target
  
  C4Loader.exe
- Size
  
  855KB
- MD5
  
  c5da2ceab187e9312e30ada95a65b7df
- SHA1
  
  d79c14118f6a767447da7bb25c752fa5861be201
- SHA256
  
  fb0c637754e3546971be2c4ba4aa9e63f54948421c751b74e748f1fb3bbae955
- SHA512
  
  e4bb03aaaeef87a774787a03554559cda2c0d14495ad8fc9e7728d702819562f7975cabfc713625a83cb167da3b377a80e12674a28932d7da650a78403468c3e
- SSDEEP
  
  3072:/gtlYTIQ2Y0A2Zf4DGrHUNc8z44jcK1Y3Vmirw:IvQ25A/i4jwK1YJ8
Score

10^/10

aurora evasion stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

auroraevasionstealer

behavioral2

auroraevasionstealer

© 2018-2024

Terms | Privacy