aurora | 3ff2423d73a03b7113872e7154373fb346a826a7bd1f4cd7577e15764ce47ff8 | Triage

Sharing

General

Target

runtime.exe
Size

227.2MB
Sample

230630-wkpcvafc4x
MD5

7d7fc05dffdd1920250b8f2aa4af3959
SHA1

0ae64733075203122be0baedd4eefca22fc1402a
SHA256

3ff2423d73a03b7113872e7154373fb346a826a7bd1f4cd7577e15764ce47ff8
SHA512

73daec7a287fa7119fe44cf71b3780c4c51159f5562a80e6e6da73206954cf76af513c85cd7684eb003141bacb7c1449366d7023fa6d4f37631dc53b6eaae68c
SSDEEP

49152:pyWMOEmrU4VWLP6zev05oej0EL9gCegK/efy5d8A45EG273LCV0UOQJUh9q101GF:Eq6PQn4/9GEp32VLV+h9sF

Score

10^/10

aurora persistence

Malware Config

Extracted

Family

aurora

C2

167.235.58.189:456

Targets

- Target
  
  runtime.exe
- Size
  
  227.2MB
- MD5
  
  7d7fc05dffdd1920250b8f2aa4af3959
- SHA1
  
  0ae64733075203122be0baedd4eefca22fc1402a
- SHA256
  
  3ff2423d73a03b7113872e7154373fb346a826a7bd1f4cd7577e15764ce47ff8
- SHA512
  
  73daec7a287fa7119fe44cf71b3780c4c51159f5562a80e6e6da73206954cf76af513c85cd7684eb003141bacb7c1449366d7023fa6d4f37631dc53b6eaae68c
- SSDEEP
  
  49152:pyWMOEmrU4VWLP6zev05oej0EL9gCegK/efy5d8A45EG273LCV0UOQJUh9q101GF:Eq6PQn4/9GEp32VLV+h9sF
Score

6^/10

persistence
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1