General

Target: by RRyos [GoddyXpl0its].zip
Size: 8.9MB
Sample: 240411-ng8cjsde8s
MD5: 5dab6d05600aa9a4a8e65fe3a51c73c3
SHA1: 05908e4690b74bf771eda6d35af36c185241bc99
SHA256: 87dc8a31b38e584652dbbea9996dcbff96599dac087b5b48d74b02f4af9b0d86
SHA512: e769a2b20d8967c4fd11b2801053e11fc4f0812a7c56053cc07dde7715dc11a5447f7fd50411f6ef153a921957f21a19cfb3f99c866d0f4ccb6d676ce5934636
SSDEEP: 196608:VMnUiG7Cxjdqsfs9V5bbJjpohW36O4oNeXJoji0VYFp5K8:VMng7CxjdqxVdbYm6jAe+urFpt
Behavioral tasks

behavioral1
Sample: A0RORA/A0RORA V4.exe
Resource: win7-20240220-en

behavioral2
Sample: A0RORA/A0RORA V4.exe
Resource: win10v2004-20231215-en

behavioral3
Sample: $INTERNET_CACHE/Classical.ps1
Resource: win7-20240221-en

behavioral4
Sample: $INTERNET_CACHE/Classical.ps1
Resource: win10v2004-20240226-en

behavioral5
Sample: A0RORA/scripts/scripts.dll
Resource: win7-20240220-en

behavioral6
Sample: A0RORA/scripts/scripts.dll
Resource: win10v2004-20240226-en
Malware Config

Targets

Target: A0RORA/A0RORA V4.exe
Size: 287.0MB
MD5: 3b036c9d3c85bdb64cc993b601a20b90
SHA1: 36c4b09f2a39d690780ab1af125657c294c63a61
SHA256: 43afb96682ead6ea83d7af10c031e950711261a93768ff654d38939592430ab5
SHA512: 14620d0b690f7cb04456f59e9c61d6bb98139ed1b01c234ae16e33bd624ae6d18eb67cd52705d96f839eb6c4c42142017e3ff897c00d18025b8c3f5c8ce93f75
SSDEEP: 24576:ebqrNtz57KF0j6wvp6mRvQtguzIOJ1XE9+ofqYwWVDk5uL9I2aas0OMdK:kI3Nq02IfRvruz7E9+ofqADlLu2oVM
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext

Target: $INTERNET_CACHE/Classical
Size: 235KB
MD5: eaf385cdf1314e338da96bb238f75b01
SHA1: 2d6c7d5e4564e782bba21fea45669be4caf2fa96
SHA256: bad782e8dd1a95af87f67c7dcc036d62d3bbc8a47fa3384ce9883eb2f36ecca1
SHA512: 41b9d8096870dcaa51fba676238297a12c46cfe3a6ab2f84f95b10b606b7ae56775c40ab75df268f0fb3795fe82a9fb3e668069de4142f04b9191d947dc4c3fd
SSDEEP: 3072:dHemsIqQVUHwtwP9Xzm9onM/0UeXprNWRz9onM/0UrhkcjGjyiIZyxiY/1H3uGzo:Bgc4iwHF8gETgEX+Y
Score: 1/10

Target: A0RORA/scripts/scripts.dll
Size: 18.7MB
MD5: 88fd7dbf04bcf75123d02009aea3f7f7
SHA1: cecf16bdad71e54afc941179ea2b7438a04efa1d
SHA256: 01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
SHA512: 2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
SSDEEP: 393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score: 1/10