General

Target: by RyoX [GoodyExpl0its].rar
Size: 5.1MB
Sample: 240526-e3zg4aff73
MD5: dd2e5d9d53d73af35360869d9181e546
SHA1: 54370b8941a6011b29aa4997fb44e435d2494f5d
SHA256: 9df2f1f389119479fd7685350f70f2da11f541b79d1571fc51b67f3d183821c1
SHA512: 37ffae2951429fe77c13a2acc1ba7f0e223ba683acd0031a6f7596fcaac8e31cfae282265f29d46a878d3d8f8f2b4865eee0fc611dd6055c9ad144c88675696a
SSDEEP: 98304:yZS6y2zo/lQYUnplsTUjdBSdwS7atG2qfUNLKmNlGtF2qHAVxMmajCE0E:AST2EtHUnpHdodwS7X2qxYGtF2qgVWTf

Behavioral task: behavioral1
Sample: Avrora.exe
Resource: win10v2004-20240508-en

Behavioral task: behavioral2
Sample: scripts/cef_100_percent.js
Resource: win10v2004-20240226-en

Behavioral task: behavioral3
Sample: scripts/cef_200_percent.js
Resource: win10v2004-20240508-en

Malware Config

Targets

Target: Avrora.exe
Size: 4.7MB
MD5: 15f90922fa11ba75c875688b66f104ba
SHA1: 9db2d852aca4a3336e93ea9c1d79f8008484fb2e
SHA256: 7b6fe3ae7047cd64cdcffeda0ee07efff41fb5a503862ddb0d330a5c99995dc8
SHA512: 291f2ddf503cd1bcdec2c106ec71050459cbc0fc14fca63cc691b2f73d79e3921426be7bdc0822a632f17271fa0d14e970ebb178d9c5bb5aa09696576d092b1c
SSDEEP: 98304:fLdfYRkV/KjZ1DNSR5EfrshLhCoMsaIO9YBxPeJ2wHMhY6S30xc:fx1V/KjvhSRCTjoMsHxeJ2ws+63xc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: scripts/cef_100_percent.pak
Size: 621KB
MD5: 02b2f9be36ad29156dd5a48e96de00f2
SHA1: 5a2477402c5f704190f931aaae40c54248dfb867
SHA256: a1c2a5836896ef29dd8292bc38884e3473be58c51267d9d9db041ddabdfd4913
SHA512: 3a837f3196881c5e2d25f1972e697aabee5952d7d48924c607035e01f92bae105757ec3ed0211b5e3b4e018afd126a31afdd30e34af1a3467e816d84b2e9e89f
SSDEEP: 6144:3WxN1ImMsoHgs4jTlO5bPQmdcS7jQYVY+/ovYrbxIoaZoboRH2QXJ:3gMjgs4jTk5PdLky/ov8Ba3N3
Score: 3/10

Target: scripts/cef_200_percent.pak
Size: 672KB
MD5: 47f7642817e81cfa95a2d39744a8b5e7
SHA1: d7d6b1b55d7f55bf5e045358155e159cb7db3721
SHA256: 9441a4a3515d440db938241727f96e3256902463f2f61db0c26fbcadb56f93cb
SHA512: 54b661d546d9196b70aedc36fc9751b0241c6309263035e58fcc7b9b90f2d18793fda44936fdd679d9f6948739f592fc749f7b76349b2dd82863c7bf73fbb945
SSDEEP: 6144:OWxN1ImMsoHgs4jTlO5bPQmdcS7jQYVY+/ovYrbxIoaZoboRH2QXJ:OgMjgs4jTk5PdLky/ov8Ba3N3
Score: 3/10