General
Target: Aurora X [by RyosX].zip
Size: 10.4MB
Sample: 240301-2eq75sef23
MD5: 3679908dcd999e23109d0d8d048e1ca5
SHA1: e51c26b6a08a7e3e1777b1ada82ad483cdb7ceec
SHA256: 6f8dbd9ce45ced142cb383ebdfde4ddcdce4dfc9b687fcff6ff96ec560363d6f
SHA512: 0ab59dc295bf90d3c7a96cc55f17f437972c2924669a6614d62288338f4497043bedab1cf678ae2cba3fd4a479439401080b9a955f355d2f9f4a9ecd698a7386
SSDEEP: 196608:QOOeRei4AOJ3umstZQgibgpi5jO3N+2DjEH/IXHql9aPPyY8lVNgh4S811HY0q9v:QyRZejKIwejkri9uth4SOY+m
Behavioral tasks
behavioral1
  Sample: Aurora_V3/Aurora X.exe
  Resource: win7-20240221-en
behavioral2
  Sample: Aurora_V3/Aurora X.exe
  Resource: win10v2004-20240226-en
behavioral3
  Sample: Aurora_V3/scripts/scripts.dll
  Resource: win7-20240221-en
behavioral4
  Sample: Aurora_V3/scripts/scripts.dll
  Resource: win10v2004-20240226-en
Malware Config

Targets

Target: Aurora_V3/Aurora X.exe
Size: 7.3MB
MD5: d471b2f2fe01308799bb6af831a147a7
SHA1: cbf653ce9ef4bef3b706bdb24a70d2cf00e8929f
SHA256: d95e82392d720911f7eb5d8856b8ccd2427e51645975cdf8081560c2f6967ffb
SHA512: bbbe82a39bc9d64dd043b740bbdc50198e6d2189fbbc6516d7a189b1806ebf1072e4528592d6aeef4ebe3aa30d5c27865cb89c23d6746c98d0e40b1b409cc4bb
SSDEEP: 98304:pTQj8ksHO5w3N/M/TQbjsS+Jn0cRtuxscVvetPVPp3pNre0xrvpo7u:pTOdiU/UbwXtuxwJVxZNre0xrgu
Score: 7/10
Signatures:
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
Target: Aurora_V3/scripts/scripts.dll
Size: 18.7MB
MD5: 88fd7dbf04bcf75123d02009aea3f7f7
SHA1: cecf16bdad71e54afc941179ea2b7438a04efa1d
SHA256: 01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
SHA512: 2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
SSDEEP: 393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score: 1/10