General
Target: Aur0 Expl0oit.zip
Size: 10.5MB
Sample: 240328-m926kaba51
MD5: 4a87b10c7b5524724d44d2f8585f97f0
SHA1: 62c8fe0ab21dc0a12e5f05bbafbcf1fc33e69a60
SHA256: 2a1106628a2a9144da6a14c8cbb8e8c4168822948bcf1e3a2e4018255bfa3f13
SHA512: e06345fa2cc83d9606c1c86c9477dbb08a5a29d07ac2745f8f3d81a23a6ab4fc11085cdcc154a9980889578a507120d33f0e845aec1f7f683aeaa475adc835be
SSDEEP: 196608:B/pZGdnwk+Y53DIo5+QVpkephRQdgsk+tdzZ393626yRwcZ93MwadRZS:NXGF5+YZDIow0pZRQdDdtd33f8gmZdO
Behavioral task: behavioral1
Sample: Aur0 Expl0oit/Exec Avr0ra.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: Aur0 Expl0oit/Exec Avr0ra.exe
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: $TEMP/Tgp.exe
Resource: win7-20240215-en

Behavioral task: behavioral4
Sample: $TEMP/Tgp.exe
Resource: win10v2004-20231215-en
Malware Config

Targets

Target: Aur0 Expl0oit/Exec Avr0ra.exe
Size: 287.0MB
MD5: 82d5fe539bf5f8cc329856f317aeeabc
SHA1: 996c2d764a476747c75d5746dbebb48fbbd51293
SHA256: e693351836405e775a4dd49eaa00127800e8c09065305a960a7cc860cb569882
SHA512: f858ddfa22999936b7160047f48d3e26e523493b08eea48c5457114803e65d99b323e9109ccc23de49ea8897fbe91ff9bc466c805cb8e904f149e04f044abfb3
SSDEEP: 49152:7nV6rsrSJRbXdYXWHbWMijWpQRTPOxiaB:7ysOJRbXdgWHFSOxi
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
Target: $TEMP/Tgp
Size: 189KB
MD5: 0bbd8453272bfbb873fb69f3308d4bc1
SHA1: ba24b397c30e608234be888640bde34fce8f6120
SHA256: 483cb6a8e2a98c9ff10ca18ca8f757340c381b4d6fffd6e86e0d1e9b08aaf131
SHA512: 3ef2975a733645855137be9168e2dabbfc376d27abad78871b0426da458d34072d7db91c438727002f9cccc07c2f55e3a06b3807f04dc0c4159b0eb9730b475b
SSDEEP: 3072:1Zg5PXPeiR6MKkjGWoUlJUPdgQa8Bp/LxyA3laW2UDQWf05mjccBiqXvpgF4qv+F:1K5vPeDkjGgQaE/loUDtf0accB3gBmF
Score: 1/10