aurora | 7e284862240837599b6916df7747947d45d8fa44979ff4bcf57703971e75c14b | Triage

Sharing

General

Target

aurora.exe
Size

5.6MB
Sample

230510-qat8fsgb43
MD5

2072ab80f4f0b576590d6e2f66bc12a3
SHA1

92b9c99e858cd242983fad131e25028c9197a10f
SHA256

7e284862240837599b6916df7747947d45d8fa44979ff4bcf57703971e75c14b
SHA512

1f2fcf07f41af804aa94cdb3bd97cb7af35d12ba10f9e795052d1d68720f96933bb3a64c9397f1142c26ba392b6f988ac569ebfcddb5b5da85d82339a80bdeec
SSDEEP

49152:8ugM5SSiHPRpy67X9g31TGsev6imuMmS5cNDw7wBVAAp5ESxRlMmCaCfAm5K6Q0+:DMTlK1+gcEiMeCom5Kaw

Score

10^/10

aurora persistence stealer

Malware Config

Extracted

Family

aurora

C2

94.142.138.71:456

Targets

- Target
  
  aurora.exe
- Size
  
  5.6MB
- MD5
  
  2072ab80f4f0b576590d6e2f66bc12a3
- SHA1
  
  92b9c99e858cd242983fad131e25028c9197a10f
- SHA256
  
  7e284862240837599b6916df7747947d45d8fa44979ff4bcf57703971e75c14b
- SHA512
  
  1f2fcf07f41af804aa94cdb3bd97cb7af35d12ba10f9e795052d1d68720f96933bb3a64c9397f1142c26ba392b6f988ac569ebfcddb5b5da85d82339a80bdeec
- SSDEEP
  
  49152:8ugM5SSiHPRpy67X9g31TGsev6imuMmS5cNDw7wBVAAp5ESxRlMmCaCfAm5K6Q0+:DMTlK1+gcEiMeCom5Kaw
Score

10^/10

aurora persistence stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

aurorapersistencestealer

behavioral2

aurorapersistencestealer