General
-
Target
Aurafn.exe
-
Size
18.6MB
-
Sample
240929-knpx1azarg
-
MD5
e5aebd8b0212fb19a64d74073511be5a
-
SHA1
223b61e63a942af5a0ff70e8379bde618b749b7d
-
SHA256
5661c019ea9a3afdffc0f8f3b22e23d041cc05f52e71f80d4295a30db8b9fc1b
-
SHA512
4fa7f5db0df093bd70f5a52f084e276ba77283c6cd0215e6a694b62fa316905d8649b2370a59f3a7e90f80724c755f30fd51dbf92c39416edcc10b8afb8ad31f
-
SSDEEP
393216:MqPnLFXlrNQ+DOETgs77fGMkgk0vEmczb4ojq:9PLFXNNQ/E7Q3tXbY
Malware Config
Targets
-
-
Target
Aurafn.exe
-
Size
18.6MB
-
MD5
e5aebd8b0212fb19a64d74073511be5a
-
SHA1
223b61e63a942af5a0ff70e8379bde618b749b7d
-
SHA256
5661c019ea9a3afdffc0f8f3b22e23d041cc05f52e71f80d4295a30db8b9fc1b
-
SHA512
4fa7f5db0df093bd70f5a52f084e276ba77283c6cd0215e6a694b62fa316905d8649b2370a59f3a7e90f80724c755f30fd51dbf92c39416edcc10b8afb8ad31f
-
SSDEEP
393216:MqPnLFXlrNQ+DOETgs77fGMkgk0vEmczb4ojq:9PLFXNNQ/E7Q3tXbY
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
main.pyc
-
Size
7KB
-
MD5
dc142ea2dc066cbfab1bb9cecb9bdcc5
-
SHA1
f02ba8634b3e9de4fd369fbf7bf5d145f3a03eab
-
SHA256
0063cc3fa6d5dc7e28104b7bdf381f0863c1bba905360abbaf94aefe0b567900
-
SHA512
3fe24370b6f52b746bfd7e4016adc668064bd311423da9cec3589942c3589f8a498fe5c896a84040d26f117fd2c25378f53180e0588b7264ae0b5fdaad9a055e
-
SSDEEP
192:wG9KWLD8qXgWdXwRAIKUJhwPyapMdwA4Qnw:T9K4wWuRTp2Py4P0w
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1