Overview

overview

10

Static

static

9

AUR0RA V3/...V3.exe

windows10-2004-x64

10

AUR0RA V3/...ts.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AUR0RA V3.rar

  • Size

    9.0MB

  • Sample

    240406-2ksm6ada8z

  • MD5

    0df42dd74a3e614a12173fd71aaf98fe

  • SHA1

    52e949b521a2ff7671b663ec5b8ab197e5dd7ffd

  • SHA256

    656eb84822afbd053bf199f8362fd15b7fef64f18c83ff74f6fb547dbc6ad813

  • SHA512

    3347ef6ec4389671d8c3929e9ec9d730c5941528866e8e6011927d2ef288be179f320f7d61c8f8fa68f6888c385bfac72b850d7c0819bdaee8d744d901a5839b

  • SSDEEP

    196608:ZqqB7bIs+K5/wcoKsZpyCa4sbJNtoKpwI0qWgQUoobIxYovpHa:ZqC+KChLyp4uNmRI0qkwtmHa

Score
10/10
riseprocryptonepackerspywarestealer

Malware Config

Targets

    • Target

      AUR0RA V3/AURORAV3.exe

    • Size

      287.0MB

    • MD5

      ae6a6df39b6c4c157233078507d95e11

    • SHA1

      2a58a806431b91b0d08044e58293dc4493800718

    • SHA256

      9ffaea98983a0fe1749a30f766267ca3a2a485247fbd6153492cea0decdf1fb5

    • SHA512

      5948e3a6984742325698652072fcedcff22468dfcf4f2a62e50343e50aa5ff8a42da89510e8ccd010c03b14173e702736b1a05a38cea7a092a8080e1042d309b

    • SSDEEP

      49152:NqttHg4EaM9b/+P5LCShPVJPuNJrdlaVtwI1EgBX:NQA4Ef5YNCSbWJRlCwIDBX

    Score
    10/10
    riseprospywarestealer

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      AUR0RA V3/scripts/scripts.dll

    • Size

      18.7MB

    • MD5

      88fd7dbf04bcf75123d02009aea3f7f7

    • SHA1

      cecf16bdad71e54afc941179ea2b7438a04efa1d

    • SHA256

      01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4

    • SHA512

      2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917

    • SSDEEP

      393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8

    Score
    1/10
    behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Process Discovery

1
T1057

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks