Overview

overview

10

Static

static

10

aura PAID.exe

windows7-x64

7

aura PAID.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aura PAID.exe

  • Size

    6.0MB

  • Sample

    241016-wtql9stfra

  • MD5

    3f13b2c1db998406620c5a2fda6644e3

  • SHA1

    bdf0d2b81682a048b73b7b3d9ee47a0c4007b3c3

  • SHA256

    b4e7d97866d0cff2eef566488d18b3814b66f2523eea980693eecedfea71cab0

  • SHA512

    5897255a48f49f43f33dbb5b50311d5e6e5a15db64818ed782567b0aceac48bddeeb00fc96d3f30ac66c8e182b222c3e77c31aa47f2ca909c30ad9559fc67afa

  • SSDEEP

    98304:JnEtdFBBeevamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RpPMlj3yMJV:JWFjueN/FJMIDJf0gsAGK4RpklFJV

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      aura PAID.exe

    • Size

      6.0MB

    • MD5

      3f13b2c1db998406620c5a2fda6644e3

    • SHA1

      bdf0d2b81682a048b73b7b3d9ee47a0c4007b3c3

    • SHA256

      b4e7d97866d0cff2eef566488d18b3814b66f2523eea980693eecedfea71cab0

    • SHA512

      5897255a48f49f43f33dbb5b50311d5e6e5a15db64818ed782567b0aceac48bddeeb00fc96d3f30ac66c8e182b222c3e77c31aa47f2ca909c30ad9559fc67afa

    • SSDEEP

      98304:JnEtdFBBeevamaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4RpPMlj3yMJV:JWFjueN/FJMIDJf0gsAGK4RpklFJV

    Score
    8/10
    discoveryupxexecution

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks