General
Target: AURORAX.zip
Size: 10.5MB
Sample: 240413-qxl6csgg7t
MD5: db0917258b8a992d9c3bf6b9fad7b8a7
SHA1: 44f319447314fec53dfd42a80e5b63b6335a12bb
SHA256: 5e40b21219ab3777444115b74ec277da10561ddd9454bd31484dd918a3c56810
SHA512: aacf6fb2e7996470ce15616fdd2263d3ce5e55e9714805512e46f90bdbc702fd7a9b9a83cbdc75848735fc29e33b8f8e160fe081a6f3c22ae0d2ff37a8b43e84
SSDEEP: 196608:rdi7z2aW3g/oGWVmvqKNTjSKpl0pY49cC3+7Sz8p+fLWGW6GnmNz3y8uU7myK0cg:Ae3UoGWV8p/D0d9/uDp+jWGWHmZ3Tp7z
Behavioral task: behavioral1
Sample: AURORAX.zip
Resource: win11-20240412-en
Malware Config
Targets
Target: AURORAX.zip
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext