aurora | 21bd925baf84272f5e5247e89646c8451c527fb4dbc15c4ac87615329d6d92ab

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

install.exe
Size

7.3MB
MD5

7d26dce6ba89dedbd27455167f0a3044
SHA1

19e3b77457a387ab5089b276056af074d0f8e77a
SHA256

21bd925baf84272f5e5247e89646c8451c527fb4dbc15c4ac87615329d6d92ab
SHA512

a474a6cd9a9195389a631f5f7637e212fe4f89f2d848a85acfa2778c5efc4c69047196ae6d7f78254fc600ebc00e2faf9d6bfeb2ac7c43f31062d7d827077f6d
SSDEEP

24576:T0zKbWffNzzG+5DnKW4YRcTCDyO+QlehV7UC7vNbMWA9qIZ/QD83qZ/gbaq/EqJO:T0mbW3NzX5rtsTCAWtKCRGz1

Score

10^/10

aurora stealer

Malware Config

Extracted

Family

aurora

45.15.156.210:8081

Signatures

Aurora
Aurora is a crypto wallet stealer written in Golang.
stealer aurora
Suspicious use of SetThreadContext 1 IoCs

Processes:

install.exe

description pid process target process

PID 1368 set thread context of 2280 1368 install.exe install.exe

description	pid	process	target process
PID 1368 set thread context of 2280	1368	install.exe	install.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

install.exe

description	pid	process	target process
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe
PID 1368 wrote to memory of 2280	1368	install.exe	install.exe

C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1368

C:\Users\Admin\AppData\Local\Temp\install.exe
"C:\Users\Admin\AppData\Local\Temp\install.exe"
2⤵
PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2280-0-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-5-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-10-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-11-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-12-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-13-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-14-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-15-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-16-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-17-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-18-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-19-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-20-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-21-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-22-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-23-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-24-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-25-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-26-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-27-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download
memory/2280-28-0x0000000000120000-0x000000000047C000-memory.dmp

Filesize
3.4MB

Download