aurora | c8da7a244b48646fd4ad3c323e883e655b7f9cce0f635d141ba1fcc50446edaa | Triage

Submit
Reports

Overview

overview

Static

static

1f4b6d549d...08.exe

windows7-x64

1f4b6d549d...08.exe

windows10-2004-x64

Sharing

General

Target

9b308447f0060f83888ae6758088dc11-sample.zip
Size

1.9MB
Sample

230423-zs8y1afh52
MD5

ab838ed02c90627d3f421c4479985f19
SHA1

9e833f3f4a0debee23069ef8eba2d30454c4172b
SHA256

c8da7a244b48646fd4ad3c323e883e655b7f9cce0f635d141ba1fcc50446edaa
SHA512

e75b046b5cf9212dc82c47de7f22b370ffbab56b703d6be34a458d9ba335eea0931060698a247535b97263aa8b1d1caf448536e0d020fce406855d3c41ae4680
SSDEEP

49152:oGIGfJ59iq4j0Ahj8qiqZWxFkcnq8vqxhj2wIIUa9ky5K0:gE7adl/ZWxGwqAqxdjUa9kyt

Score

10^/10

aurora stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f4b6d549d1c9005fac3532abaaf4408.exe

Resource

win7-20230220-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f4b6d549d1c9005fac3532abaaf4408.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

aurora

C2

185.106.93.237:6378

Targets

- Target
  
  1f4b6d549d1c9005fac3532abaaf4408
- Size
  
  4.3MB
- MD5
  
  1f4b6d549d1c9005fac3532abaaf4408
- SHA1
  
  041b546ac27783ac5fba33897b3f6d539248d0e2
- SHA256
  
  0d7dc7413dd3f25fcd45de53fc5feebcb3eb5b5517ae1c07469c9072ef9eb9cf
- SHA512
  
  ac1eb503eb0e7bb15832d17df8b0d8eaa35804b4d4b926e12b94ce40800096255d13be897f7dce2062cde41ff9a73fe427abdfac5e8caa04a3ed86f49254bfd0
- SSDEEP
  
  49152:k49loyLKmcH0QoS7wT2wcQ2MoVQUbkieBrZJw5ERFtGRCoO4IYB1:KyYASMwEFGIo
Score

10^/10

aurora stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy