General

  • Target: syshost.exe
  • Size: 3.1MB
  • Sample: 230414-t2ylqsaf47
  • MD5: 138eefb81e72bbdf6bf009876f445c28
  • SHA1: 14afd4156ca94a340e04547809088e6d5d51bc92
  • SHA256: 53274ab4f9cebd26058061cd944614586a086d91cd9f36b679e3c8dccae84a7d
  • SHA512: cfd999a6f891f43e0302c013a7e22987c1ca2bdbf7ddb7e9e436703f13ce21acbf431e0acc4aa0be7969c6664306679a0d8243562f26b23bcadc76080a8e6ba5
  • SSDEEP: 49152:VI3NN7VXFLrR91/VXf3h32qa5OsLaN8cxnk5Nk1lqz:65lFjbXfx32xLO8Wqz

Score
10/10

Malware Config

Extracted

Family

aurora

C2

104.248.91.138:8081

Targets

    • Target: syshost.exe


    Score
    7/10
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks