aurora | 432a7171271b0d0135e2acff0e050b5f1a4b6a54a3f04d6e58d598f687c9c128

Resubmissions

04-03-2024 16:51

02-12-2023 22:00

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2023 22:00

Target

WWSBot.exe
Size

8.6MB
MD5

d1b34597bc267179917191267189a4a6
SHA1

fd37c0f66c80e43fb503451f32527496dfb6e981
SHA256

432a7171271b0d0135e2acff0e050b5f1a4b6a54a3f04d6e58d598f687c9c128
SHA512

d848e7dae60ca4a13f4ed4a7cb0a2ae27e5b6865c4f1c617c0b528299e3489d84b49253528161b9e81db7ea51ade1eb6a993ac277ebadd2c4a860cebff2c8803
SSDEEP

24576:tN+qbmS6e/1ijwnQFpP1CJUmWw5/Ky9YawDZoaZC0gvbm49kLDA5gHdf6sxJwESo:WqbmSL/0wnQX1C3gk+lKbyf/z1

Score

10^/10

aurora stealer

Family

aurora

94.142.138.29:8081

Aurora
Aurora is a crypto wallet stealer written in Golang.
stealer aurora
Suspicious use of SetThreadContext 1 IoCs

Processes:

WWSBot.exe

description pid process target process

PID 5100 set thread context of 4492 5100 WWSBot.exe WWSBot.exe

description	pid	process	target process
PID 5100 set thread context of 4492	5100	WWSBot.exe	WWSBot.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

WWSBot.exe

description	pid	process	target process
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe
PID 5100 wrote to memory of 4492	5100	WWSBot.exe	WWSBot.exe

C:\Users\Admin\AppData\Local\Temp\WWSBot.exe
"C:\Users\Admin\AppData\Local\Temp\WWSBot.exe"
2⤵
PID:4492

memory/4492-0-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-5-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-11-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-12-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-10-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-13-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-14-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-15-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-17-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-19-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-21-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-23-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-24-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-26-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download
memory/4492-28-0x0000000000180000-0x00000000004DC000-memory.dmp

Filesize
3.4MB

Download