90f000c4b42f98f45fb2f4b7a3e180a26d354abcd30fa48717930bf044af8e58 | Triage

Sharing

General

Target

Aurora X [by GodsExploits].zip
Size

8.4MB
Sample

240225-xy148sac62
MD5

da2ab4a0dc2e9ee5fa66c61cfe7247b8
SHA1

aca1c1e7f7bd927107364f0ac7403bbfae79cc17
SHA256

90f000c4b42f98f45fb2f4b7a3e180a26d354abcd30fa48717930bf044af8e58
SHA512

cf31234eee0fc0f0eeba40c6e97b41fd064a3e986aa408e52a147fcfb34f3caf8c78ba189c2a6eacbf75e42a5aac00c9db8700ee0c8d4c2d9e88c268767e215c
SSDEEP

196608:R4r8un8Pomzo7p+GmcSLkyARVaj0nhMz+WtA7GJOhRWCE9B+ft76Q6ou6:3j3mTm1IyARhG+OJxCgBg2Q6o7

Score

10^/10

cryptone discovery packer spyware stealer

Malware Config

Targets

- Target
  
  Aurora V3.1.rar
- Size
  
  8.4MB
- MD5
  
  78c008deb73339bf6b6511dd4fbf887f
- SHA1
  
  1e51b31755a5eac9fd144b346ee2cc54873e4f71
- SHA256
  
  fd92e0029c3d4430b2d734f374d823c588bd1f3633e931944d3450d5263663dd
- SHA512
  
  1b322afb56ab9d55d4757d427bbcc40e4b50158263fd08585fd57a7c2d4d0575269e546f32414fd3525c251140e94625b3146f3392f24f676fb0405b6a754029
- SSDEEP
  
  196608:/4r8un8Pomzo7p+GmcSLkyARVaj0nhMz+WtA7GJOhRWCE9B+ft76Q6ouP:Rj3mTm1IyARhG+OJxCgBg2Q6oU
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Aurora/Aurora.exe
- Size
  
  1.1MB
- MD5
  
  38d563d90178c931132a5bd2dc05b76f
- SHA1
  
  4511b5462cddaf7835d20375f8e13087aedd3e5d
- SHA256
  
  a4cf6887caa6ca97d42659f9ab424c60cdfb41798f10bb429cb94379cd29ec83
- SHA512
  
  19810c3642d9d909a3632456c24837d021ffce267243e2d183f3c1ae3e8edd937df3e50ee26f3beae53a65a291283de801ee5581d7ac4582669879d8e97d9cfe
- SSDEEP
  
  24576:OlEXbCnFzRa860/IN7yUZoY/A6m9xzyysV2:5G9c3N7yUZoY/ALxz3sY
Score

10^/10

discovery spyware stealer
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  Aurora/scripts/scripts.dll
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

1^/10
behavioral5 behavioral6
- Target
  
  README.txt
- Size
  
  26B
- MD5
  
  7ff5e4de2e2d15161cb97dcb8d764928
- SHA1
  
  40cfe038183f43ac5822957e606b40e845448cf3
- SHA256
  
  95f75442d82a6b66a53835acffdc3278eb2fc9c56fe13dfce3cb190f9154aa3d
- SHA512
  
  2808c1285562936f68174fe523b31b27a6b7a61df1e61fd5b9de57b5eeaa6aadddfdd062c31fada438436336aeaa0e90cdece4f42827d60dcb272c90988a2fbe
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

discoveryspywarestealer

behavioral4

discoveryspywarestealer

behavioral5

behavioral6

behavioral7

behavioral8