aurora | 3468c15da3569fbe23e815cba22abf1b8b26a7fa3300ed44502fdd31cd120568 | Triage

Sharing

General

Target

Sys.exe
Size

3.1MB
Sample

230414-t3e6sacb91
MD5

0a9bb4228adb9813ac9f7b576c3918fb
SHA1

6c98dcb3d2e1a07d5175cbe8165dc197b7f8852f
SHA256

3468c15da3569fbe23e815cba22abf1b8b26a7fa3300ed44502fdd31cd120568
SHA512

db30b2a72e7ed10d85ba8e750996c7e3ecc5761a39ca2f1b156ca064320c40d2fea66cc581cfe378b0cbdb29155cf69c48fe0c1478591933083280c5d52c610b
SSDEEP

49152:bG3iK3tnG69fEERaIrCzRlXkaLZsLaN8cxnk5Yk1mqq:d+dG0rrCdlXELO8Cqq

Score

10^/10

aurora spyware stealer

Malware Config

Extracted

Family

aurora

C2

104.248.91.138:8081

Targets

- Target
  
  Sys.exe
- Size
  
  3.1MB
- MD5
  
  0a9bb4228adb9813ac9f7b576c3918fb
- SHA1
  
  6c98dcb3d2e1a07d5175cbe8165dc197b7f8852f
- SHA256
  
  3468c15da3569fbe23e815cba22abf1b8b26a7fa3300ed44502fdd31cd120568
- SHA512
  
  db30b2a72e7ed10d85ba8e750996c7e3ecc5761a39ca2f1b156ca064320c40d2fea66cc581cfe378b0cbdb29155cf69c48fe0c1478591933083280c5d52c610b
- SSDEEP
  
  49152:bG3iK3tnG69fEERaIrCzRlXkaLZsLaN8cxnk5Yk1mqq:d+dG0rrCdlXELO8Cqq
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2