aurora

Sharing

Copy URL

Twitter E-mail

General

Target

AURORA_STEALER.zip
Size

35.2MB
Sample

230604-vnm4hsdd7v
MD5

57a4cb4284a9526aa5875947dfdd56e4
SHA1

4681de896c1af6de355e1e0642dbf4d61d0788eb
SHA256

832654398d6aaecf7213b9b15c7c527054dd8d2a4ff14d368a657a5a1c53b2c3
SHA512

bfbb0cff672316002a3eb7f4078075f761771ffe4e14dd61d3aabb584c55803d275bd3d3ece9528848228c89d222f696dc704661326ff8f81cd7adfabf619f60
SSDEEP

786432:w8+Eux5uyUMvBkHoldwxUMD31bdJp1e0aiEs1UkjGW/u:w6k5uyT2oleUo3TJ7eADUkjtu

Score

10^/10

Malware Config

Targets

- Target
  
  Aurora.exe
- Size
  
  25.2MB
- MD5
  
  1504c863a05885816d2c8874137ae7a7
- SHA1
  
  5b16d440a7e9b5887886549f016f252900b5c0ac
- SHA256
  
  33fc61e81efa609df51277aef261623bb291e2dd5359362d50070f7a441df0ad
- SHA512
  
  055d2650ac996443130c05a742bcaabc576dbde29cc21ea956f66132f7e6da8a5771beb9cd51ff2384b2230ebe68990b35d8b14611613db2b8d2764846a487f9
- SSDEEP
  
  196608:olxc7zJltMVP1nQf6CmuZdgh7vq5esz6xSle:WqzFANQf6CmuEh7vqvz6xSs
Score

10^/10

aurora shurk infostealer stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Shurk
  Shurk is an infostealer, written in C++ which appeared in 2021.
  infostealer shurk
- Shurk Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1
- Target
  
  gui/Auth.html
- Size
  
  6KB
- MD5
  
  589e2f016cd825eee95246c61c7595d6
- SHA1
  
  90c48c347a27a5e5f141c80d11dd05b0645c3344
- SHA256
  
  65513e92ac4845fbc1697359fcc68c863d049366d866cc6318be3193671b35f9
- SHA512
  
  ae383c87c21ff1638c3f935c3a4c2377ad6448aea17d0d9b331de48af24e3cc2550727028e9d3b134dbdde45ae65a0ebbde584b2e04410b0872863da4f42400e
- SSDEEP
  
  192:mOsPUAU1FitC3Rz6yxX/zK5qEPUnUtGie:RsPtU7iucgX/zK5qku
Score

1^/10
behavioral2
- Target
  
  gui/Builder.html
- Size
  
  23KB
- MD5
  
  179d80f9cfcdafce7f35371eba7b7130
- SHA1
  
  9ac5d15e8f7906227ee7e5334ad7c1f4068155fe
- SHA256
  
  6f5a2059d85bb87e672f62c2c435ded3eb6f1b02e91807b70eff00abab141628
- SHA512
  
  6b5f3d1fdd1dee969ee3825cd70bd525876bb1da1fcb85cf456e18f3241a7a3769c1b50253b6e1c7d8be495f8b12443984eaf62a9e9751e2a3df3558f7950a67
- SSDEEP
  
  192:mCf0TMOMiHWRWZl3bCprc8zHWP89YD8KMn+JnOUnVwnB2nDUn3iKt5LwlcRQlIhI:F8n1HWRqX2NZFFFwF4FM0cCM
Score

1^/10
behavioral3
- Target
  
  gui/CHECKER.html
- Size
  
  30KB
- MD5
  
  bbda01f4d78932e8716452e5b44c873c
- SHA1
  
  8f8059d8a82d7a05e8d03d1e8fc2962d7039b3cf
- SHA256
  
  ce8394994ae108d6a0a4fdce1c47afc415a0ff2bf20d7288bf4c0974fd2a4a25
- SHA512
  
  27b4d1b2492aa7fc64360bd019df8df222f4941f71862c793836f6dadaa8e1a58f10e011a47605d393a632b0d67af1fcd8e5203622d05cfbcbffb5da9ecd3375
- SSDEEP
  
  192:af0JOW/yNBVJbCprc8zHWP89YD8KMn+JnOUnVwnB2nDUn3iKt55uuMNq6p+aUNtd:a3W/0BhTuMxTcEuCM
Score

1^/10
behavioral4
- Target
  
  gui/Dashboard.html
- Size
  
  36KB
- MD5
  
  d48d1f160ff80990e5fc123886590158
- SHA1
  
  c3adff2a63b24b1219f31e75aea955cf401fa9f5
- SHA256
  
  eb071635072b9f1ccf127d954ea2678767441e77e5c4554fe6e7d22af1178962
- SHA512
  
  9bd258fd4c0b89fad2524a1c87ee267fab22692902f6d07014787aa09d09975b793aec93264b4af7d86c40d1d90e847f89b0aac3ba10f0c9b7f8931d56769528
- SSDEEP
  
  384:ozjQc7AkpXtr4MspwJoEE7rASHQoYXR3VAUl4AglgAAOT1LM:ozjQc7h74JCSH+3pe1Tq
Score

1^/10
behavioral5
- Target
  
  gui/Loader.html
- Size
  
  27KB
- MD5
  
  53b77ef10f8580f43e5c23ac6f50dadf
- SHA1
  
  5330303de1b34eb091de895bc91fcf22da33d94b
- SHA256
  
  3239679b3ff2d5e397670ec59e71c28826fd0c63d8cfeb350ea15dd2e9cfaaf4
- SHA512
  
  2c38ab2f36ba6f3ae6f76b8458b6ba75b18eb24b16499de4731a743377cda1e9cd08563731518c1cc2ac4bb3467c43654690a383d7cef1ebf61b7a94c608f5a6
- SSDEEP
  
  192:DaCOxrP7PFPOWW3+l3bCprc8zHWP89YD8KMn+JnOUnVwnB2nDUn3iKt5nu0MNq62:DaNxrP7PFPOWWOXr0MuWj7pgQ56JK2CM
Score

1^/10
behavioral6
- Target
  
  gui/SETTINGS.html
- Size
  
  45KB
- MD5
  
  7fe962624d5dd78fe50e9000547f6d7d
- SHA1
  
  be9aaea6cd7093697da01500502f1822979d91f6
- SHA256
  
  910b01ae62ac0c3e71e3a037341e7fb72b22bc9c57edb41c7c5418dac2db8e75
- SHA512
  
  30ed130e18fbadc90e9f05cfd00c6f54274b002a164e540b1e2821e44640c2d897a7aa994a68137e69f320dfee97bd13e80addda66c3fb180909cd2cb76e8132
- SSDEEP
  
  192:NNOcf0Tazjt+WOZl3bCprc8zHWP89YD8KMn+JnOUnVwnB6nDgn3iKt5qNH0MqPCX:Ncc8azjt+WSXfH0MDTmq3iMXGZQxCG6M
Score

1^/10
behavioral7
- Target
  
  gui/assets/docs.js
- Size
  
  430B
- MD5
  
  fc829c7b7378701e2e5f835ab968bba1
- SHA1
  
  0b01be0b43e824c875a5281b5e9c7602b76e2030
- SHA256
  
  5b0ac21a5ab15c795894e558f73071fddd44a116ae675e72249302135db977d8
- SHA512
  
  31ff6432b4578ca1b3d315b079574254cb8aaabfe1e766dbda4cffb9181101669590b55a381f2685e91ac11a27e9b64ed0fc399523323583307592ce0bc10437
Score

1^/10
behavioral8
- Target
  
  gui/inlog.html
- Size
  
  6KB
- MD5
  
  b2b90afba457e3ebd4098dfa49ddcb09
- SHA1
  
  e2480663992878a2c5942e8396840b207dab4175
- SHA256
  
  0a7ff9068f0f60cd2fafb298fee177ca93453665f5ed973503a86f1ea88fe110
- SHA512
  
  909a1727f068f094801f90e213449b738ed56c02c4a49a44da556f8d1368d90da2f2ec9ac8bc031c8d1ed2e45ce0b3bf53c97ea397e9efb3a5daa3275057ad75
- SSDEEP
  
  96:5D15sO500ZLPUARaJX/9itC36wpBr6yxIi/zJocnmd4E+ZR5K6nP5EGE7Me:TOOq09PUAU1FitC3Rz6yxX/zK5qEBwe
Score

1^/10
behavioral9
- Target
  
  gui/jSnow.js
- Size
  
  2KB
- MD5
  
  40ee348bbc051a90be6d0a058acf9567
- SHA1
  
  f8fd2ea9d1c2c86450f10fbce3223138b098e1d2
- SHA256
  
  6302ada99e061de3e4180de11be7d8126db8c6a2d4993e28c35465cd1be58347
- SHA512
  
  fb0cedaf2d207ec52266b8373ba2e4ae02a3ee8cea282c95c635f170c0def7d1433b121247a3aeafd82c11cb4687cacf7d852ee6492e693919fdb5b8c3fd5d45
Score

1^/10
behavioral10
- Target
  
  gui/jquery.js
- Size
  
  87KB
- MD5
  
  dc5e7f18c8d36ac1d3d4753a87c98d0a
- SHA1
  
  c8e1c8b386dc5b7a9184c763c88d19a346eb3342
- SHA256
  
  f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
- SHA512
  
  6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516
- SSDEEP
  
  1536:AjExXUqrnxDjoXEZxkMV4SYSt0zvDD6ip3h8cApwEjOPrBeU6QLiTFbc0QlQvakF:AYh8eip3huuf6IidlrvakdtQ47GK1
Score

1^/10
behavioral11
- Target
  
  gui/log.html
- Size
  
  604B
- MD5
  
  1a2782abf9d045bbcb20982d441d038f
- SHA1
  
  20e763832fd364aab5d32b75e82569d2455c501a
- SHA256
  
  b504cfa31c1c3309e9de6bb27042ad034af1270dddaff704ce2ca01497a90284
- SHA512
  
  4f285cc842f7da6880a1df87f34d6979184e71a3b885d52e009d113df11d7db2591c8badaa5d5628ca168cee4f16d9edb5a72b95bd749a126014c895c06bd535
Score

1^/10
behavioral12
- Target
  
  gui/nicepage.js
- Size
  
  236KB
- MD5
  
  6624323a7fe93fd9c721362d27f2130d
- SHA1
  
  af7d2b58691ef52a56087e4db107595b2d89deb8
- SHA256
  
  fbec69e6f8889ede048c91a46ce7535f7006b400fb5ceaab105097f92bd2938f
- SHA512
  
  25a9a2ffc8418a8c4c6d597da0a8f9bc439477c38904e318926324ba8f51a47f2e26cc9385347fb8422ae7636e5b8d642c9b939849d1831326cedb2c83a92657
- SSDEEP
  
  3072:2S+X2XT0vt13+TEbYuGf0YBm4hk3YXIGnh0chJlBq0R6mEUU6NPwCs9:2UXT2Kts4m3YtLhRI6NW
Score

1^/10
behavioral13
- Target
  
  gui/packed.js
- Size
  
  2KB
- MD5
  
  aeedb979ceafb91f876525e5a392220d
- SHA1
  
  49987225176018750f3285a80802ccf0827bd3d3
- SHA256
  
  ca86742f5d149305a60ac86cb2d5f4a41c751d8ea92071bcb139eac8b57c2b5a
- SHA512
  
  e4bda34bafe73797613a515802b44c461bb16e80949d69b751e686aa2584243c8bd0433de21516c0237fdca6f7a46fa8c1491701acdc5788dc9b689081eca949
Score

1^/10
behavioral14
- Target
  
  gui/resource/dashboard/pd.svg
- Size
  
  409B
- MD5
  
  1aa4cc65f2dca0e7c30898f95be8ae9d
- SHA1
  
  ab14de28e2f72660b5c564635d21506e540166da
- SHA256
  
  d15006a463520f79ac41358e4ad8af9b7e71e5f32db7eaff47149940d129056c
- SHA512
  
  8093aaf540bd55682de1cbaf1c0cd666931f8ecd1aa1d9db4d78d7b7b395e4932a4fb9a2014b37c946aac8d695e12efa52e0a95f22c1bac3ca398ad6d5d1dda0
Score

1^/10
behavioral15
- Target
  
  gui/resource/dashboard/ws.svg
- Size
  
  1KB
- MD5
  
  1a0cb3ab2730ad089f838f699c4b13a3
- SHA1
  
  780480bd16ef92e2e748d529f006ce75aef911c8
- SHA256
  
  4ce33621ac6ffbe58d2f5da9719ec648a066d65eb1fa30aa34bc8da0c7d056b6
- SHA512
  
  6fca69cefabbe61bf975c3927806dea58ed7ef31cbf46be0787f2fd6cd9b332d5a159f1c0c8613ab3ac812b1a16f722d363c206ebe6080cb42e09e484a8717d0
Score

1^/10
behavioral16
- Target
  
  gui/resource/dl.svg
- Size
  
  1KB
- MD5
  
  fd8b42e2d7936ca62fe16b6384c1b571
- SHA1
  
  b561deb1094e46eaac5246301180d312cdfac175
- SHA256
  
  93b769623e5cabe4497b5c7fa702676a3b27a2fded91d8bc5a6ffa6570208f0e
- SHA512
  
  1c8a947c57709d7fd962f70952eb3c90acccdca48e43b652fdd343f222bff9691aefc0eb9bc1f32a4fc4e265361d975c234a145c919e707e8fe86b16487f3f02
Score

1^/10
behavioral17
- Target
  
  gui/resource/domain.svg
- Size
  
  1KB
- MD5
  
  e45525f95410cb7373afabbe2309f053
- SHA1
  
  d18bf92f45287991947302d3d1afae3c52feb13b
- SHA256
  
  4bc5c2172c6b3f2ffa9f09d0a2c22dd14640398cec1a6b2a10b0eda274fefa1e
- SHA512
  
  6a32d9ab9fcfc3a0ca90643d6643ed8bcde6e11bb656f8b8d490167eb68fb7fdd1a3980c2ba1162657ee3c75bdabdb43bc0bdd1f59f69143fc20040a998be24c
Score

1^/10
behavioral18
- Target
  
  gui/resource/no.svg
- Size
  
  458B
- MD5
  
  41be58deae51feff0d52b23ba55267bb
- SHA1
  
  7facc89ac7e56a3cd15227240768c86357ba58e7
- SHA256
  
  12dbe22e6cff5f3e0d73b139215ef3470a8cc14b3e073d6ab08f9380373db7ad
- SHA512
  
  8478ecaf0b0416c4102d3945a756998c7d76426449de1245bd70e5143972d5cc56bb23ce6e9a4eacb4f2a4c91bc2f73e33f85a957bcc1f5cd4828d9ca266797d
Score

1^/10
behavioral19
- Target
  
  gui/resource/plus.svg
- Size
  
  492B
- MD5
  
  b1445d4000381422c9a199f7c4b579a2
- SHA1
  
  8e7ea7133bee2dd76a2195fceb114bdefbeaf6f4
- SHA256
  
  98494c0570bf2aafed205abf058720a442b8c4d0b18bad20ca9893fa993d5918
- SHA512
  
  b51f284a0dc6347b66d66b50460e8338dc594bad9ef458cedcf36c39fd2471ab157dcf3c27700ff5920ed06202e1cedb1912a7559990e0f76714f628525db689
Score

1^/10
behavioral20
- Target
  
  gui/resource/proxy.svg
- Size
  
  3KB
- MD5
  
  2e521fcd96d9588b71f65671d46117f9
- SHA1
  
  604d2d7744a3b18a113e75d1fa2776d48752d1f0
- SHA256
  
  c6ba8f61f4c9cd2904b203742df3da9aa536b7eed5bad745cb90ae6a95785d6f
- SHA512
  
  b94b99186b04c523ba6f254aa62595357ac920bdddc612faf2b3783d89c2f159f7dc0d3772bc04d94316d70c013f8929b51d6e011f991efb92b5d7a27645b744
Score

1^/10
behavioral21
- Target
  
  gui/resource/yes.svg
- Size
  
  417B
- MD5
  
  360523273738006fb14d43ef3cc082ea
- SHA1
  
  a94f1ded72014bd0a9eccc3db7521e84332d5f77
- SHA256
  
  e71aaae58e9361284ce58f1ef10c2c012a8f3bee8f7660e9874f7230eee11e18
- SHA512
  
  8fcc8cc868d04c19b696ce50f33e9fe77a2a8cce44d6afb95dcd9dc4159e8d7d08d98c321376cde3c67df51df22693d4baf6fedb2cff386800cd03ad0d376110
Score

1^/10
behavioral22
- Target
  
  gui/script.js
- Size
  
  2KB
- MD5
  
  ef7730a96c61a4ab85e03c9dd6bd63d5
- SHA1
  
  434a065c0d4a126984a3e09513a364bb6ffa40e7
- SHA256
  
  9aca0357bf142b1ecd70af9f994639cb92af52de396267178fa1d672ca20e4b4
- SHA512
  
  90aff01e609cde790aaa19ca72cd13ce58c8f4b87e022d570d171f1911bb5c1d209ebd5a6bf2b560a877276bc9fc9be07f1420a8f446c37dc05c55246ad65c1d
Score

1^/10
behavioral23
- Target
  
  gui/snowstorm-min.js
- Size
  
  9KB
- MD5
  
  2666c26c0d344dc3e49e6562f6620121
- SHA1
  
  410eea40549eff165da6be2065b997e6255797b6
- SHA256
  
  470b933756fca72168a157c499b5f17f5e8d1c1ea2f6a2997e00ab749b7aa986
- SHA512
  
  1165f946cc68bc77071ab3f4a25b613f884bf22f132bf84a3b6367d794822572e6bd1ce992e4cabb809572db24fe1a8f5e94c4ffd18c18f82a77f55b03f86fa7
- SSDEEP
  
  192:1dej/qbV5M5d+5/5SnByw8KXK0R+zL85yT81NXMPyjLtnRvY8C:1eybVWL+tmyw8KXK0cL8yT819MPyjLt2
Score

1^/10
behavioral24
- Target
  
  resource/ResourceHacker.exe
- Size
  
  5.4MB
- MD5
  
  b406ef352a5e5260f179e7abd2feb846
- SHA1
  
  faabfd4a58775a9c2240bb07a48b7451506fd984
- SHA256
  
  4ab1a1035588f0c99b00e39d87ef9a0d940437a05802f0e75956ab65149133be
- SHA512
  
  bd10dd1d21dde7ddc77e91a5bc769797fe7388168f71225afac337b9aabb41b362cb6abcac1eac545ad2ec36686b48f6fe52c4036e27f903939e9a73fad6be1b
- SSDEEP
  
  49152:7DDFVHcYex2EIjwg5mSw9EOl3jQ2i5W0OJ6HH0Hk1qZejTggTUQG+xblVMnsNxAe:7P/LEiLMQ2t0OJ6Jq6khQREZK
Score

1^/10
behavioral25

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Shurk

Shurk Stealer payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25