Overview

overview

10

Static

static

7

5903752a25...bc.exe

windows7-x64

10

5903752a25...bc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5903752a25f8e28a9513478b749444bc.bin

  • Size

    6.6MB

  • Sample

    230607-ccg41sha4t

  • MD5

    5903752a25f8e28a9513478b749444bc

  • SHA1

    8b157670d1caac82e986e5ee2eaab108e2ab8277

  • SHA256

    049bfff97fbb2c5e53eeed6df36d2c93c7cca199d42c0247c784b39db90f173b

  • SHA512

    8621379c897bbc939f949965d3c175b0229995e0b1c5c240c40b337ffe678c056b29b9960bb1087965f55e855e752bca9abb622faa10474df99fbdb8687e9f72

  • SSDEEP

    98304:KZhTtczvVIQanrevtxi7tTbHoyqxHqtutYu67GQbUstvlDrjeefbmta4/6ffZ:KZhTt+5arcm1UveEYPbUsjraqbmt+

Score
10/10
auroraevasionstealerthemidatrojan

Malware Config

Extracted

Family

aurora

C2

89.22.227.50:8081

Targets

    • Target

      5903752a25f8e28a9513478b749444bc.bin

    • Size

      6.6MB

    • MD5

      5903752a25f8e28a9513478b749444bc

    • SHA1

      8b157670d1caac82e986e5ee2eaab108e2ab8277

    • SHA256

      049bfff97fbb2c5e53eeed6df36d2c93c7cca199d42c0247c784b39db90f173b

    • SHA512

      8621379c897bbc939f949965d3c175b0229995e0b1c5c240c40b337ffe678c056b29b9960bb1087965f55e855e752bca9abb622faa10474df99fbdb8687e9f72

    • SSDEEP

      98304:KZhTtczvVIQanrevtxi7tTbHoyqxHqtutYu67GQbUstvlDrjeefbmta4/6ffZ:KZhTt+5arcm1UveEYPbUsjraqbmt+

    Score
    10/10
    auroraevasionstealerthemidatrojan

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

      stealeraurora

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks