aurora | 3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595 | Triage

Sharing

General

Target

3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
Size

3.0MB
Sample

230413-2e8r7agb31
MD5

067db51207da1475782a74b8070ddbd9
SHA1

e12f1c105fa0c3db06b23de1fd655c3475fdb2e2
SHA256

3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
SHA512

da89f185eccc9f235bc6fd9b59365b278418b54691ca8f997035dd80a5d76e356051a7245fc9d80b48040cff1bd664512d4670851dc5dd73d27fdbe6e6a7087b
SSDEEP

49152:WOGwaofJU7hJp+PvBpKawpsSNX8IhsAV4k1H:+17K3jSp8ID

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

45.15.156.33:8081

Targets

- Target
  
  3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
- Size
  
  3.0MB
- MD5
  
  067db51207da1475782a74b8070ddbd9
- SHA1
  
  e12f1c105fa0c3db06b23de1fd655c3475fdb2e2
- SHA256
  
  3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
- SHA512
  
  da89f185eccc9f235bc6fd9b59365b278418b54691ca8f997035dd80a5d76e356051a7245fc9d80b48040cff1bd664512d4670851dc5dd73d27fdbe6e6a7087b
- SSDEEP
  
  49152:WOGwaofJU7hJp+PvBpKawpsSNX8IhsAV4k1H:+17K3jSp8ID
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2