aurora | 83d67c10baf6087354badb32305228e3addefca87641b2cf8fe7045daed43b10 | Triage

Sharing

General

Target

runtime.zip
Size

4.6MB
Sample

240214-dtpqvsfe6z
MD5

fba5e1f4c44fdace80adb051d22cdbb3
SHA1

7e9e86471a0628a1578b488128ae67aa05debbc9
SHA256

83d67c10baf6087354badb32305228e3addefca87641b2cf8fe7045daed43b10
SHA512

0185ef82ba86b2771906aacda63c8bd94fdc4a787cecbb1b90b10edf3a5a21d4733f8dcc2d3ed6b66d7a094c8c0cc22e32a41a6af18b688b0293132c188e95ad
SSDEEP

49152:+iUVTWSq0Tp9feYHD53V1a4nBv2hlVKD5EWRueBj68gKgMQT02p:zSJN9hHDBVwoSls1ELeBulKgMQT02p

Score

10^/10

aurora persistence stealer

Malware Config

Extracted

Family

aurora

C2

167.235.58.189:456

Targets

- Target
  
  runtime.exe
- Size
  
  1024.0MB
- MD5
  
  12e85f4fb4973d62ebfd30cf52412512
- SHA1
  
  097d71e82681fbaa290f8bf2f49929a2a1206e87
- SHA256
  
  ff3977b7044b3739035cbd17b6d462886b7e228d666c780b8a70c887af797243
- SHA512
  
  bc44f93e99813b124307611b64af16d37d27dc637c50ea9a0852d3907850219ac08cd0316a944762434186ab3e3f5cce4d2c13efd7d4adab95680f3368976f22
- SSDEEP
  
  49152:pyWMOEmrU4VWLP6zev05oej0EL9gCegK/efy5d8A45EG273LCV0UOQJUh9q101GF:Eq6PQn4/9GEp32VLV+h9sF
Score

10^/10

aurora persistence stealer
- Aurora
  Aurora is a crypto wallet stealer written in Golang.
  stealer aurora
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

aurorapersistencestealer

behavioral2

aurorapersistencestealer