General
-
Target
AURORA_STEALER.zip
-
Size
13.0MB
-
Sample
241029-18zwpsslhn
-
MD5
5fa1d8bed0a6cd19007923b7e0512075
-
SHA1
9fadb9f7f943bc61519cc6fba17e33723ee8b9d9
-
SHA256
3834b805ba68b1d8bbb041e6789d1cf564af626954d7d03b592b3dfc58522746
-
SHA512
f6731839bfc69434bede686ec44e1df83498b8572eaf55ad0e6805764b56344c10858333d181bb69b5c6d25d22089ce4d8049255c5f3a58920c10b2331c207ba
-
SSDEEP
393216:cFEaPdyKmdMrLUrekEAlgyGVG7rNfFujxUh7f6hiL0bQPF:AEahmTxlL9yxaosN
Malware Config
Targets
-
-
Target
AURORA_STEALER.zip
-
Size
13.0MB
-
MD5
5fa1d8bed0a6cd19007923b7e0512075
-
SHA1
9fadb9f7f943bc61519cc6fba17e33723ee8b9d9
-
SHA256
3834b805ba68b1d8bbb041e6789d1cf564af626954d7d03b592b3dfc58522746
-
SHA512
f6731839bfc69434bede686ec44e1df83498b8572eaf55ad0e6805764b56344c10858333d181bb69b5c6d25d22089ce4d8049255c5f3a58920c10b2331c207ba
-
SSDEEP
393216:cFEaPdyKmdMrLUrekEAlgyGVG7rNfFujxUh7f6hiL0bQPF:AEahmTxlL9yxaosN
Score10/10-
Aurora
Aurora is a crypto wallet stealer written in Golang.
-
Aurora family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-