Extracted

• • Target

    AURORA_STEALER.zip

  • Size

    35.2MB

  • MD5

    57a4cb4284a9526aa5875947dfdd56e4

  • SHA1

    4681de896c1af6de355e1e0642dbf4d61d0788eb

  • SHA256

    832654398d6aaecf7213b9b15c7c527054dd8d2a4ff14d368a657a5a1c53b2c3

  • SHA512

    bfbb0cff672316002a3eb7f4078075f761771ffe4e14dd61d3aabb584c55803d275bd3d3ece9528848228c89d222f696dc704661326ff8f81cd7adfabf619f60

  • SSDEEP

    786432:w8+Eux5uyUMvBkHoldwxUMD31bdJp1e0aiEs1UkjGW/u:w6k5uyT2oleUo3TJ7eADUkjtu

  Score

  10^/10

  aurorashurkinfostealerstealer

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora

  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk

  • Shurk Stealer payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2