General
-
Target
AUR0RA V3.rar
-
Size
9.0MB
-
Sample
240406-2ksm6ada8z
-
MD5
0df42dd74a3e614a12173fd71aaf98fe
-
SHA1
52e949b521a2ff7671b663ec5b8ab197e5dd7ffd
-
SHA256
656eb84822afbd053bf199f8362fd15b7fef64f18c83ff74f6fb547dbc6ad813
-
SHA512
3347ef6ec4389671d8c3929e9ec9d730c5941528866e8e6011927d2ef288be179f320f7d61c8f8fa68f6888c385bfac72b850d7c0819bdaee8d744d901a5839b
-
SSDEEP
196608:ZqqB7bIs+K5/wcoKsZpyCa4sbJNtoKpwI0qWgQUoobIxYovpHa:ZqC+KChLyp4uNmRI0qkwtmHa
Behavioral task
behavioral1
Sample
AUR0RA V3/AURORAV3.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
AUR0RA V3/scripts/scripts.dll
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
AUR0RA V3/AURORAV3.exe
-
Size
287.0MB
-
MD5
ae6a6df39b6c4c157233078507d95e11
-
SHA1
2a58a806431b91b0d08044e58293dc4493800718
-
SHA256
9ffaea98983a0fe1749a30f766267ca3a2a485247fbd6153492cea0decdf1fb5
-
SHA512
5948e3a6984742325698652072fcedcff22468dfcf4f2a62e50343e50aa5ff8a42da89510e8ccd010c03b14173e702736b1a05a38cea7a092a8080e1042d309b
-
SSDEEP
49152:NqttHg4EaM9b/+P5LCShPVJPuNJrdlaVtwI1EgBX:NQA4Ef5YNCSbWJRlCwIDBX
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
AUR0RA V3/scripts/scripts.dll
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score1/10 -