1dcdeee44784f7d34e81933673d9d64e87e0345b36c14f30a0551984ee60a86a | Triage

Sharing

General

Target

AvroraX.rar
Size

9.3MB
Sample

240211-tz73dsbg37
MD5

f79fcf30c93284d88903e597c17f1e57
SHA1

d852b33ffe9ead6d4f71fd20194c67e33004c706
SHA256

1dcdeee44784f7d34e81933673d9d64e87e0345b36c14f30a0551984ee60a86a
SHA512

8e8d13a69002d9bd55b55b078cab541f1329c028d277bd75f7638383cceb5bc282bd6b61f4f720cb54ac3ad73089f1c41bbb94610456a9280ce49e8e58c828e3
SSDEEP

196608:3RMlEjCDJekzNdnlwb8QTeyc/nMet8XjtLmoxZ98sQCE3RMpk:3RMlEjCDD3XN/Met8XjtmoXxQdGk

Score

9^/10

cryptone packer

Malware Config

Targets

- Target
  
  Aurora X/Aurora X Executor.exe
- Size
  
  250.0MB
- MD5
  
  92564c95c7e74fdeebb377d27e9d290e
- SHA1
  
  769316c8b4ccd231e2f5d69833dc091767eece5c
- SHA256
  
  d7e49f8cff2989f09d7715b32eb9572cca1dc82a8438111a3c4d1dcb67cbc970
- SHA512
  
  ab09a5788170fbcbaa0c018564f05a39133b928f3204327961306c3a6e8d940898d56efc4b7970422f26ae6ac626d5dad57c39c7cd57789597bbb28d4bc4280b
- SSDEEP
  
  49152:r1IlxGGWIBgYxXjC036Nh/J/JV9ZXOUwiNUJmejgYSicTWL:G3PdBD8PV9nwi6
Score

5^/10
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Aurora X/scripts/scripts.dll
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4