General
Target: by RyosXpl0its [Goddy's].zip
Size: 9.0MB
Sample: 240404-wsjsbsfa76
MD5: 5ea29c176dab93a64eef19cc9df2819b
SHA1: 4c508d88b1e3cc6f30df5d8c6b60175295b2cb17
SHA256: c99b8820a1c79f85af87bb753224f2cb62815a211666e36a336841f738184e2d
SHA512: 431ad834e7ef22787a3616e3f53158e0a83ccc6fcbc8a85c4bdf9d0a7d0827cf58c6d3662b5a62c307a0096d1a5313d59d3ae5da50600626d4320152ed04fe18
SSDEEP: 196608:BvEKPFCZPaQhk0n5+ubB9joAExRMIFpHHSbw+fX:qKPcZa4k05BB9jopPjFpnUX
Behavioral task: behavioral1
Sample: Aur0raV1/AUR0RA.exe
Resource: win10-20240404-en
Malware Config
Targets
Target: Aur0raV1/AUR0RA.exe
Size: 1.6MB
MD5: 6836af5b9e36906f4505e246e2b299c3
SHA1: 5bff2b67cdd417c0c678e1437dc6887654ccf766
SHA256: 7acdbf629d2f584be945417534dac0d0f4f3d75ae3f0c6d29df5031dffb8692e
SHA512: e77806f171a87e79c4760d13b91ba5b1a7da700ab3e58859e710c986f1eab070abfabf31e709ec696219609528f0d713c820f1927b7693be9340dc358d512ab8
SSDEEP: 49152:/8hEcYjZEcQO8uGZY/r8h17D/eCTHziY32:/KEv1/WJGCjz8
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Accesses Microsoft Outlook profiles
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext