aurora | 3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595 | Triage

Sharing

General

Target

3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
Size

3.0MB
Sample

230413-2e8r7agb31
MD5

067db51207da1475782a74b8070ddbd9
SHA1

e12f1c105fa0c3db06b23de1fd655c3475fdb2e2
SHA256

3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
SHA512

da89f185eccc9f235bc6fd9b59365b278418b54691ca8f997035dd80a5d76e356051a7245fc9d80b48040cff1bd664512d4670851dc5dd73d27fdbe6e6a7087b
SSDEEP

49152:WOGwaofJU7hJp+PvBpKawpsSNX8IhsAV4k1H:+17K3jSp8ID

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

45.15.156.33:8081

Targets

- Target
  
  3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
- Size
  
  3.0MB
- MD5
  
  067db51207da1475782a74b8070ddbd9
- SHA1
  
  e12f1c105fa0c3db06b23de1fd655c3475fdb2e2
- SHA256
  
  3b63582786a77d6a3428a83b78cf41a9f3b083c2ec05f642d74f2afeb5761595
- SHA512
  
  da89f185eccc9f235bc6fd9b59365b278418b54691ca8f997035dd80a5d76e356051a7245fc9d80b48040cff1bd664512d4670851dc5dd73d27fdbe6e6a7087b
- SSDEEP
  
  49152:WOGwaofJU7hJp+PvBpKawpsSNX8IhsAV4k1H:+17K3jSp8ID
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2