55d69ef895cf6cc504a8cb65531c20bce93877a2b47f4533d3772a16710239a3

Sharing

Copy URL

Twitter E-mail

General

Target

by Ry0s [GoddyAvroraXploits].zip
Size

9.0MB
Sample

240407-nrat2abg9v
MD5

36fa8807cf60db8049d83aa951d2eead
SHA1

cd64e0b38ce35774fb7da582e26696e6afe685f7
SHA256

55d69ef895cf6cc504a8cb65531c20bce93877a2b47f4533d3772a16710239a3
SHA512

19b6bfeb262094da9abfe54fdf2ff80184764bf4746eda364979ab94a1d9fcff0828b5c6bd9b54d93ec1bff7de332f3215fa67c567ad50f105016674be8e21e2
SSDEEP

196608:w6pdCm1UHfuRMHdyvJJTRHM2qS5zBpGQDmo6u:ppdbUHfuRM0vJJTRSqG+mo6u

Score

10^/10

cryptone packer

Malware Config

Targets

- Target
  
  by Ry0s [GoddyAvroraXploits].zip
- Size
  
  9.0MB
- MD5
  
  36fa8807cf60db8049d83aa951d2eead
- SHA1
  
  cd64e0b38ce35774fb7da582e26696e6afe685f7
- SHA256
  
  55d69ef895cf6cc504a8cb65531c20bce93877a2b47f4533d3772a16710239a3
- SHA512
  
  19b6bfeb262094da9abfe54fdf2ff80184764bf4746eda364979ab94a1d9fcff0828b5c6bd9b54d93ec1bff7de332f3215fa67c567ad50f105016674be8e21e2
- SSDEEP
  
  196608:w6pdCm1UHfuRMHdyvJJTRHM2qS5zBpGQDmo6u:ppdbUHfuRM0vJJTRSqG+mo6u
Score

1^/10
behavioral1
- Target
  
  AURORAV1.rar
- Size
  
  9.0MB
- MD5
  
  ee482ba7d6c88de092473eb6f00f791c
- SHA1
  
  4d203c290aea389707c7ef022004da21f7ebda92
- SHA256
  
  3f46c4fcfe1bcc0b2e01d4ad06c2f968ea732295e99e5c61b80e42d95bf3f02c
- SHA512
  
  d3263a5791ffe20f178880635b182b8b4582ab8f1f850c3f5f8a7167327e35b0f82277145b5e15dc04546963dfcefe6fc848c2fbe4e26fa94a22e809ade5859e
- SSDEEP
  
  196608:M6pdCm1UHfuRMHdyvJJTRHM2qS5zBpGQDmo6V:1pdbUHfuRM0vJJTRSqG+mo6V
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral2
- Target
  
  AURORAV1/AVRORA V1.exe
- Size
  
  287.0MB
- MD5
  
  ae6a6df39b6c4c157233078507d95e11
- SHA1
  
  2a58a806431b91b0d08044e58293dc4493800718
- SHA256
  
  9ffaea98983a0fe1749a30f766267ca3a2a485247fbd6153492cea0decdf1fb5
- SHA512
  
  5948e3a6984742325698652072fcedcff22468dfcf4f2a62e50343e50aa5ff8a42da89510e8ccd010c03b14173e702736b1a05a38cea7a092a8080e1042d309b
- SSDEEP
  
  49152:NqttHg4EaM9b/+P5LCShPVJPuNJrdlaVtwI1EgBX:NQA4Ef5YNCSbWJRlCwIDBX
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  $INTERNET_CACHE/Alot
- Size
  
  46KB
- MD5
  
  2f9f83a1d508d78c3672034a43a293c5
- SHA1
  
  1f7baf69f61e749464fd6e1e4569e9a22de1c548
- SHA256
  
  0634b38196d73953401fb0348cc208625f40dc70979f13ed754277ba7fbfd291
- SHA512
  
  9c5fc69233d983567ffaf9adc3b3305f454d116743ae481c9bf57d245b4a055ab5938848ee85c87b5c71f3e2c6b4f1e4cd1adf1574bcb98098080ebf0edbebf7
- SSDEEP
  
  768:6dcm2uaCcU4hEt9v4yl4qM5SOnvKTvyJXT6K6Lx3Tbbqbcdoqc4g8ZRfb3fBIm8/:i2F90+qM5SOnvKDyJXT6TLx3Hy4Rz3iN
Score

1^/10
behavioral4
- Target
  
  $INTERNET_CACHE/Clearing
- Size
  
  220KB
- MD5
  
  1ef4da14132bef6a979acd1456d98f3d
- SHA1
  
  59f9ffeef09845224ac57508738ae9b69e1dd1b7
- SHA256
  
  b813cfbd43195490ca29f9dc59e94bef9fb9f4e76ee0b43c16d5b16884bae5a1
- SHA512
  
  46b9a18853f14a9c36c4a9eea347ead634cb6db25a55a00c793eec7b1a7d4715c45263355d1800c81778174b57a17e77a250b0a89da59a64a855d909e4f5355d
- SSDEEP
  
  3072:gxtoRU+5qkv2vvewDr81ue96zMv+r9Ko5C3CRN:/IN
Score

1^/10
behavioral5
- Target
  
  $INTERNET_CACHE/Emotions
- Size
  
  12KB
- MD5
  
  5d2e99be0f015f8dd0ea396e18298b36
- SHA1
  
  ef6046177d89c2d4a8382a81b350702cac319112
- SHA256
  
  92951dd31f519369d41dd38f33d2413218e80719b0df7d644ab802631f5034a3
- SHA512
  
  e9aa8c20ed343fcfd899aada6c9ff5aecbd5a851ed153884da285732fb961d42ca096152e60c7fecd69fcc67853eb6285b8fed43e289af61c5bef25c93d51098
- SSDEEP
  
  384:TBRXtHiR26R/oQ1OHjW15xsebJoqu/A1xd:rdZ8wQRLxjb2Z/A1f
Score

1^/10
behavioral6
- Target
  
  $INTERNET_CACHE/Erotica
- Size
  
  287KB
- MD5
  
  267b5e481037717e735391deeea0ff8f
- SHA1
  
  7fe2ac9c02bc53c1fb889f206aa51aa6da794f36
- SHA256
  
  afc7e1a378b9d972854c5a83ceb498b7bcd590a4841e2f34dcce9f5249de71ab
- SHA512
  
  1288a15102d756ff21a72023a24ef428b556358b37c5ec26d17aafcfab10b558b3f453cc9d481c1c4c851410190f812f9c94cc11f8cb1ee9fbe577b25ef8ac03
- SSDEEP
  
  3072:LYsbW0sfQqA5i1oh4FLuEumfHAQGcIGbMKIad5LhIuaLS:MqqYP5i13umPl5bgadd2a
Score

1^/10
behavioral7
- Target
  
  $INTERNET_CACHE/Fcc
- Size
  
  209KB
- MD5
  
  3b5281a40da51473173ae333354a4708
- SHA1
  
  1caa01b6ce05f28d3df1e93b9edad31116fd8782
- SHA256
  
  06e0cded6103f91778bb311d7771ed13e39509c44fe659cd28ce4b0afe69f553
- SHA512
  
  50538e36aeca1182cb9c368976d8b3816fa7cc9fb017269d4a1e6f7608ca0db227e343038d29ca483461eeed6812717b9d6227d7e980dbb8c3cd332e5da14dee
- SSDEEP
  
  3072:m2g8oKkX3h77FmkvsPF/CFWiXtDl6o4OA7+:mpKaxFmkUmhpl6of2+
Score

1^/10
behavioral8
- Target
  
  $INTERNET_CACHE/Fighter
- Size
  
  166KB
- MD5
  
  55bc4dc42166555b8a6f011c7f9ad209
- SHA1
  
  310e974352ee2e7ef63a91af925947a77cac6eba
- SHA256
  
  284bcbdf5593032547c119847d9d4a6359b400a74f13fa9d3774181d6be248c6
- SHA512
  
  f793c981720747f49eab38838d97458d4625ee0ee790e7a79319489c4d1bbae11b9f9c23e33609e35b15d476d5c084f77164332f654ed8040ce7c4d8faf54252
- SSDEEP
  
  3072:AlF6urnRf9PK9O/BY0lIny3L/enhnZbhhdmNfPF84ccdIw33BJxI6yc437L/y0f7:mF6uDRFPK+InNbhhdcceJxgcmy0f9r7B
Score

1^/10
behavioral9
- Target
  
  $INTERNET_CACHE/Forever
- Size
  
  46KB
- MD5
  
  cdc1c1777ae9a8548ef73e3d8d3cb771
- SHA1
  
  ab9e4243eff32ab19c709c57ebd8a826b226646b
- SHA256
  
  e5909739456e96f48ede99e430190574db9593ec2ef32009557cffa71f141fba
- SHA512
  
  2f384cf0a24ba04c117d8fa00f757b0bd9ce7a333182eff3d8927bd80c068d4ad9bbfa1b90f904c974162d843e65ef450c938ce13a7ac6b64a1393202d1fc3d0
- SSDEEP
  
  768:zr9FRgR06DHimBL4w6e5/MYl22+b2eRrOV+VshEIsavgafe1aLJhFhLzlDngwhZE:X9FiKsLd5ENVrOV+V0/vDfeM/HLzlDgf
Score

1^/10
behavioral10
- Target
  
  $INTERNET_CACHE/Genre
- Size
  
  257KB
- MD5
  
  e250dae40537d592778b9502cf8227fb
- SHA1
  
  303369f3adaec712570adc4c56ac5bea64e365f1
- SHA256
  
  1a6dab9fd80044680137ec4073c4963ec28341361a44ec5d710d4bea67a21074
- SHA512
  
  5bd19c4b18cdeb27be1470758efe724da9a123b857a849e742bd110f22fc6caaf65590d1628b3869a7427a8b67cfd3e63b6f42d23d0fe08d3e8a0f1d6ede65b8
- SSDEEP
  
  6144:IuEE83DjWZf5fbA7nRFNVlOYtqrhc1oOLZld6KpsT+M8quRQ42:IG83DwTkmhc1oOdlUT+hdN2
Score

1^/10
behavioral11
- Target
  
  $INTERNET_CACHE/Harrison
- Size
  
  204KB
- MD5
  
  d48f0066bbbae76cf753fa44ba32c1e3
- SHA1
  
  4afa385545e4f98cb7c64caa5da8b15018d3a518
- SHA256
  
  3cf27be352bcd2994403a9af6300d36c0390089a1d768df2d307e92edb0b3ac5
- SHA512
  
  13bc1212d2de7146d00bbb03f5f0cfe93a2ae2d077311e54859239d84e772cc0881d83ba28de3010418685e8f10de218f06a526994b8cd6b3ffbc921ec92a86a
- SSDEEP
  
  3072:h0v2n2gXMXE6Tmd3ceTGQW+WGeqjjrh82L8SyEB8:h0vmln6iFdNWGeq/rh824AG
Score

1^/10
behavioral12
- Target
  
  $INTERNET_CACHE/Idea
- Size
  
  277KB
- MD5
  
  0f1de8c0e038c0275860fd290b02c4d8
- SHA1
  
  25de651d877c2a413cf67b96c1606600d86b25d5
- SHA256
  
  4f4bc55aed3199ab69af774d87a48890c5ebc470719cb94ebb3e9691cc7aa84e
- SHA512
  
  94ebf780cdfdd68b1e5f5de76037adea1d2a7b207af06ec64907d966767987a72db7c727d819578e20eecbb29eef8f60cc69eb4150f3ad660e42394ee69c9899
- SSDEEP
  
  3072:8KYQMndIxTXRl3IcfFzpPRay4UQQ6VXgYrm3zK7n7tr8PM+o2N88wW1:WxyxtlYctzPay4x7jVyM+o2Tb
Score

1^/10
behavioral13
- Target
  
  $INTERNET_CACHE/Introduce
- Size
  
  251KB
- MD5
  
  4365b4a8e5a9f7d34d242d83148d37c9
- SHA1
  
  91d4dea7b5f2a4bdb8de6a4f01202d7c7017cbd0
- SHA256
  
  a0f8eecc85f3d72f066bfd72605132c745f849b8fb10eba610c9460b6c2e687b
- SHA512
  
  ed17236d833fa4475d1683b8660ec8243c09b2ef5d278968e317670048661b225ca0a5006c8c506ebeb22814b046e26fe64c34f8c2d6d813874b2f4c6e37d423
- SSDEEP
  
  1536:EXZ2pjvGOYqORZEs0FLo/t7RiuPHxTDiUR2miAZimDcHnjQFxhCMv+tZqQqWrfw6:U5VZwcxq2NXkivv+fUFTj+LFiEyLs0M
Score

1^/10
behavioral14
- Target
  
  $INTERNET_CACHE/Ld
- Size
  
  171KB
- MD5
  
  0fc4b1c389fa315ae8563d2c3ebc636b
- SHA1
  
  e03df5eb60d707bb7c1ad29e42e83feb47983672
- SHA256
  
  ff9bf8a27b8a03935494646154d9eff8e565452041c3cf52c8b76bf2fb0c996b
- SHA512
  
  4d9aa3cc48836a7b5d5ea9af67b25582febadc7c13ab4ffe202523558cf393ebdb39b4ee1be916e19d5389ca234b41c824bdc553f1d47bd36ddf3d63b34f09df
- SSDEEP
  
  3072:a6TWxbgarBPivXDWy4ZNo893kvs9SZHLMX:a6igarp0aBZ28C0cZHLm
Score

1^/10
behavioral15
- Target
  
  $INTERNET_CACHE/Participants
- Size
  
  59B
- MD5
  
  df7fa3ba9a23cdb72499f49026149b1b
- SHA1
  
  167a471297e7e1f9de2d51233453788fd0a1227b
- SHA256
  
  e4754b247074cc987484c9f2a38903ab11b88a9bcff87e4f9f31986fcc4334cb
- SHA512
  
  9843fcc8c2a2fd032f6366341ad7bc69b33fe7791dc4f9cf7793d7aecbe8c9340dcaeba9e1d771b35acebde2d027bc8bd804d9133038758fbbba6589e84fbc3e
Score

1^/10
behavioral16
- Target
  
  $INTERNET_CACHE/Pulse
- Size
  
  261KB
- MD5
  
  1acfe30f6c52692e861389771d895a25
- SHA1
  
  3ab030b1694910c721974e0f1b17625d28bd8404
- SHA256
  
  2301e62606fc0bce2d842c479d9c1795d18865253ae4fbe47584f0b6c5c458dc
- SHA512
  
  4241ca04a9f7b0af070af8f776ce8c450745c62af61e1eec2c4ce59e0b26d9e7f42a35093e7128336396f3ca402805a5073b9967f65e3a7d01c7e533174a71dd
- SSDEEP
  
  3072:TcHm/gIMi0RuOuN585dBN5GCtMor0Wo+7x9yK9h9Hw9JrUx7q10zDT5+YWKM9qGt:Zrqq6zD/2oGSvI4F76
Score

1^/10
behavioral17
- Target
  
  $INTERNET_CACHE/Que
- Size
  
  10KB
- MD5
  
  f216efd0e80184e0d79622683db9295a
- SHA1
  
  919909b47e5c12ebaab598e9b0f50e1c21824d0c
- SHA256
  
  b134655bdf6d40b5ffef9022258559e2fc1d16a07b1fc787953afdd83bce7ac1
- SHA512
  
  b5127430ca8eea6630117158b26a8c1e2460d447388e8254613f5a522b4a90b3eb9ccdc652eec11afdbd2b56630abcd213104ba116e7327057644e6c3ef58455
- SSDEEP
  
  192:SLoQxn69ssxPhLfUSVZPkZeCeAraVYo7z0m1fkMQ3CN:IxxSsmhLftVaeCVrov05MQ3m
Score

1^/10
behavioral18
- Target
  
  $INTERNET_CACHE/Richmond
- Size
  
  147KB
- MD5
  
  3c370bf91af8951f8239bee8271aed1c
- SHA1
  
  3c119efa24464782f44616ccef5acbe9e05ab6d4
- SHA256
  
  ee2f4d8bd7ca8ec5ffd4748359e9b2206b8a057a7b9b101a5442920cf8ec1a92
- SHA512
  
  c1d4c820b055a66101c71f519e860f9db3631676401f91c2391c8ac21e851aea6b1156939f95393369041e379071078c5ceba60d9b22528dcb6802a98df18b7d
- SSDEEP
  
  3072:Kbvq6qQugHl4I7xp8RCUpb4HCWIlqzMHFaDdmR5tNkbg:Kbq6qJgHgRv4mMMH4dmRjmc
Score

1^/10
behavioral19
- Target
  
  $INTERNET_CACHE/Tuning
- Size
  
  207KB
- MD5
  
  dba4b4595f4d9c99d69154aa0f42b4bd
- SHA1
  
  cb19ba14ea855bd2737aa35b027ab4fd10297891
- SHA256
  
  30f642a61d77c6ee9696b3d5a1d005ec480173d54b7856ed8e8ff38c5dda8b04
- SHA512
  
  529df12751251575ae545da26e2764d5d7641950c2be746598308774cadee0a936d94c9aa0f3d7820487a54b5095b6904bc65c38378c7d95aa44c25046d9986e
- SSDEEP
  
  1536:IG6gDtVQllTGdOS0Ijdu1FzcsIzVxmgkwF1bEL8MzDigerQSm4mfQwMjki/PRy7Q:IeW3/obmBmb63mWH8YfAOi1lwyae
Score

1^/10
behavioral20
- Target
  
  $INTERNET_CACHE/Violence
- Size
  
  124KB
- MD5
  
  686da1e809252566fa97937e1188cae0
- SHA1
  
  6ba10ebcc5e08f97bbc301abb9a5831614ac1de0
- SHA256
  
  556debffc737309044830063f82360a44faddd2cae5815311c985b9f989d3140
- SHA512
  
  343cef200d3b716da927a1fa7170518cdbfa5c3258da7146b862e49abaa60bb831de23f09c4c9b9da55ee31056abe3e0fa35e62f8ce33f1a8e7c54fbe4f87b7c
- SSDEEP
  
  1536:zddRn9Y6VuVGHj1vtKs2qjJja13sWqScd0vtmgMbFuz08QuklMBNIifujaAwutPg:rRnCbajFTeAg0Fuz08XvBNbcaAttPg
Score

1^/10
behavioral21
- Target
  
  $INTERNET_CACHE/Wx
- Size
  
  212KB
- MD5
  
  ec3efd198fbe9a0f73fd23578aca60c0
- SHA1
  
  77899232753f45275e2d05bf565ae90cba2f875b
- SHA256
  
  847206f6fa8e78dd46542d742d3bf7c3675b07ff9777d58f638d22fb101b0e14
- SHA512
  
  5514e280866a7863110afe7bdca78d9036e148213b4d32ac1b4d99358962954e2aa3b60cfd0051b2999e313c4fb4b8a92f8835e623748ef5870cc031da298d7b
- SSDEEP
  
  1536:RQ5IoUVhNKpBQk6N799YH5l5t+Ex/C/b179nbF1opqNUIuH+S0IjtPvKLH9rq0W6:Dmd66CE88/Qe0W/nkpmOq+tY99Vwt5
Score

1^/10
behavioral22
- Target
  
  AURORAV1/scripts/scripts.dll
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

1^/10
behavioral23
- Target
  
  README.txt
- Size
  
  26B
- MD5
  
  324e84cb7d7402dc19a01d5a3d5c6118
- SHA1
  
  e6bccb036394eb1c4d66cc97ad03ddd027931197
- SHA256
  
  c5a251c09c554be32a516eb4eaef46843eff916f71f276264f621175ed0fed75
- SHA512
  
  838e7159afd2633bcf4e4b9eae82633c21d7e26f1247b5c69bec6d23d2b389a52b6c4895217d6e23e96b318c14e4d0d13dcc809ce90b65df7e279ae09098ea2b
Score

1^/10
behavioral24

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24