aurora | f23cdd30d96fcf2cbf15f4c91c7dffbca06b48f04e349de758632ce9249571ad | Triage

Sharing

General

Target

Mulvadd.exe
Size

4.7MB
Sample

230413-vwhtrsec4x
MD5

f3da382ef480f4c25437c5cddd09b30b
SHA1

d06bef2188be6f3fa395554210c385c28a9141c6
SHA256

f23cdd30d96fcf2cbf15f4c91c7dffbca06b48f04e349de758632ce9249571ad
SHA512

b1cc2277024214e7e96bdc554d014dcb7f9e0ca9b82fbbdbb9818dc9f8596b43cf287aa6e6a939dfc33aaeee3c3d770741b66c0d8b845db00c22d0ce88ddf4a6
SSDEEP

49152:D39kC522omFXu7KE8X/+BCGFClghKetrvAmsak5EI9NatGifV9FKc0i7w01d8M:CgRFjmFhyEIMG4V9l8M

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

116.203.245.173:8081

Targets

- Target
  
  Mulvadd.exe
- Size
  
  4.7MB
- MD5
  
  f3da382ef480f4c25437c5cddd09b30b
- SHA1
  
  d06bef2188be6f3fa395554210c385c28a9141c6
- SHA256
  
  f23cdd30d96fcf2cbf15f4c91c7dffbca06b48f04e349de758632ce9249571ad
- SHA512
  
  b1cc2277024214e7e96bdc554d014dcb7f9e0ca9b82fbbdbb9818dc9f8596b43cf287aa6e6a939dfc33aaeee3c3d770741b66c0d8b845db00c22d0ce88ddf4a6
- SSDEEP
  
  49152:D39kC522omFXu7KE8X/+BCGFClghKetrvAmsak5EI9NatGifV9FKc0i7w01d8M:CgRFjmFhyEIMG4V9l8M
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1