aurora | 33fc61e81efa609df51277aef261623bb291e2dd5359362d50070f7a441df0ad | Triage

Analysis

max time kernel
15s
max time network
22s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
19-04-2023 18:50

Sharing

Report Analysis Logs

General

Target

Aurora.exe
Size

25.2MB
MD5

1504c863a05885816d2c8874137ae7a7
SHA1

5b16d440a7e9b5887886549f016f252900b5c0ac
SHA256

33fc61e81efa609df51277aef261623bb291e2dd5359362d50070f7a441df0ad
SHA512

055d2650ac996443130c05a742bcaabc576dbde29cc21ea956f66132f7e6da8a5771beb9cd51ff2384b2230ebe68990b35d8b14611613db2b8d2764846a487f9
SSDEEP

196608:olxc7zJltMVP1nQf6CmuZdgh7vq5esz6xSle:WqzFANQf6CmuEh7vqvz6xSs

Score

10^/10

aurora shurk infostealer stealer

Malware Config

Extracted

Family

aurora

C2

:8081

Signatures

Aurora
Aurora is a crypto wallet stealer written in Golang.
stealer aurora
Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk

Shurk Stealer payload 1 IoCs

resource	yara_rule
behavioral1/memory/3784-133-0x00007FF6BDA20000-0x00007FF6BF2EF000-memory.dmp	shurk_stealer

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\Aurora.exe
"C:\Users\Admin\AppData\Local\Temp\Aurora.exe"
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3784-133-0x00007FF6BDA20000-0x00007FF6BF2EF000-memory.dmp

Filesize
24.8MB

Download