aurora | 6dfa533e709da56341ea380d6cc4d1afc105748371d17665d719a8e7d69bac8d | Triage

Sharing

General

Target

file.exe
Size

4.1MB
Sample

230410-gsljlaff39
MD5

4e5b94d8b2e051e1bc46eb211004a1a0
SHA1

1bd14c4607078f88a41c76b310226b06ae92aab7
SHA256

6dfa533e709da56341ea380d6cc4d1afc105748371d17665d719a8e7d69bac8d
SHA512

4f8fef57fe55e552d6e479b74a4b9e2cc6c9f01a7d4af9ca061dc2334867b807bb5d6674a84800de4c6851f63253c71fb81d50ad38edb2adf9118b02e070f0fb
SSDEEP

98304:C4fFkyTNLGFT2a0FHMygEqgMHqL4ax6lF3miQTIMC+bRC:NGFKbFsxEqgZh6HmRTIMCS

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

45.15.157.130:8081

Targets

- Target
  
  file.exe
- Size
  
  4.1MB
- MD5
  
  4e5b94d8b2e051e1bc46eb211004a1a0
- SHA1
  
  1bd14c4607078f88a41c76b310226b06ae92aab7
- SHA256
  
  6dfa533e709da56341ea380d6cc4d1afc105748371d17665d719a8e7d69bac8d
- SHA512
  
  4f8fef57fe55e552d6e479b74a4b9e2cc6c9f01a7d4af9ca061dc2334867b807bb5d6674a84800de4c6851f63253c71fb81d50ad38edb2adf9118b02e070f0fb
- SSDEEP
  
  98304:C4fFkyTNLGFT2a0FHMygEqgMHqL4ax6lF3miQTIMC+bRC:NGFKbFsxEqgZh6HmRTIMCS
Score

10^/10

aurora spyware stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

auroraspywarestealer

behavioral2

auroraspywarestealer