999dabcfa068fc8d41db2c94f04082d66cf3da6949ea9f1cb5a32a390f35bcca | Triage

Submit
Reports

Overview

overview

8

Static

static

1

AURORAV2.rar

windows7-x64

8

AURORAV2.rar

windows10-1703-x64

3

AURORAV2.rar

windows10-2004-x64

7

AURORAV2.rar

windows11-21h2-x64

3

Resubmissions

09/04/2024, 12:00

240409-n6plqsed63 10

08/04/2024, 16:48

240408-vbhm9seb92 7

08/04/2024, 16:43

240408-t8lkrahd91 8

Sharing

Copy URL Twitter E-mail

General

Target

by Goddy [RyosXsploits].zip
Size

8.9MB
Sample

240408-t8lkrahd91
MD5

545408934b4e866e2d4c4cad9bdd41a1
SHA1

818278791f73200d70c7a0b041bc3069e2179901
SHA256

999dabcfa068fc8d41db2c94f04082d66cf3da6949ea9f1cb5a32a390f35bcca
SHA512

fbb0c6f563ee236c3742d637e1cf044f04602216157764226c2b9d2ca1247d0e88c26fd55c59f11f436d7157163a426219d89ea1800c0ac4c76f00c78db1fa4e
SSDEEP

196608:AjIuvlxfez1p1usHhhQonZfFuwNVmhpvfB8Pp6aARkj104B:KIutoz1HHhCondYQAXfBLkZZB

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

AURORAV2.rar

Resource

win7-20240221-en

discovery persistence

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

AURORAV2.rar

Resource

win10-20240404-en

windows10-1703-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

AURORAV2.rar

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

AURORAV2.rar

Resource

win11-20240221-en

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  AURORAV2.rar
- Size
  
  8.9MB
- MD5
  
  8b09c8035d71ae6879b7174a830c44d1
- SHA1
  
  4bae17eb3bb09d29272295ec907aa24017a096bb
- SHA256
  
  c6b7f1668387dc7625e2e00fb2458dc19d187f5a402739d610b3546f74872aba
- SHA512
  
  593ba6cdf35adbc174d6e632cecc80cb341cc43febcbdba2a9a7c236667da03b214c3adb00cea0aa5a09533157f97655a334abe599e75089333452895ffaf826
- SSDEEP
  
  196608:HjIuvlxfez1p1usHhhQonZfFuwNVmhpvfB8Pp6aARkj104y:DIutoz1HHhCondYQAXfBLkZZy
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

behavioral3

behavioral4

© 2018-2025

Terms | Privacy