Overview

overview

9

Static

static

9

Aurora_V3/... X.exe

windows7-x64

7

Aurora_V3/... X.exe

windows10-2004-x64

7

Aurora_V3/...ts.dll

windows7-x64

1

Aurora_V3/...ts.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Aurora X [by RyosX].zip

  • Size

    10.4MB

  • Sample

    240301-2eq75sef23

  • MD5

    3679908dcd999e23109d0d8d048e1ca5

  • SHA1

    e51c26b6a08a7e3e1777b1ada82ad483cdb7ceec

  • SHA256

    6f8dbd9ce45ced142cb383ebdfde4ddcdce4dfc9b687fcff6ff96ec560363d6f

  • SHA512

    0ab59dc295bf90d3c7a96cc55f17f437972c2924669a6614d62288338f4497043bedab1cf678ae2cba3fd4a479439401080b9a955f355d2f9f4a9ecd698a7386

  • SSDEEP

    196608:QOOeRei4AOJ3umstZQgibgpi5jO3N+2DjEH/IXHql9aPPyY8lVNgh4S811HY0q9v:QyRZejKIwejkri9uth4SOY+m

Score
9/10
cryptonepackerspyware

Malware Config

Targets

    • Target

      Aurora_V3/Aurora X.exe

    • Size

      7.3MB

    • MD5

      d471b2f2fe01308799bb6af831a147a7

    • SHA1

      cbf653ce9ef4bef3b706bdb24a70d2cf00e8929f

    • SHA256

      d95e82392d720911f7eb5d8856b8ccd2427e51645975cdf8081560c2f6967ffb

    • SHA512

      bbbe82a39bc9d64dd043b740bbdc50198e6d2189fbbc6516d7a189b1806ebf1072e4528592d6aeef4ebe3aa30d5c27865cb89c23d6746c98d0e40b1b409cc4bb

    • SSDEEP

      98304:pTQj8ksHO5w3N/M/TQbjsS+Jn0cRtuxscVvetPVPp3pNre0xrvpo7u:pTOdiU/UbwXtuxwJVxZNre0xrgu

    Score
    7/10
    spyware

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Aurora_V3/scripts/scripts.dll

    • Size

      18.7MB

    • MD5

      88fd7dbf04bcf75123d02009aea3f7f7

    • SHA1

      cecf16bdad71e54afc941179ea2b7438a04efa1d

    • SHA256

      01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4

    • SHA512

      2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917

    • SSDEEP

      393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks