aurora | 6f6ee24d416bffaefa0123fcc822ac8c66f44d4daa0aba3e19fb5802bfed9664

General

Target

fd71ee51243b06f2f30b83e9eda0a85d
Size

1.7MB
Sample

241108-j968qszalk
MD5

fd71ee51243b06f2f30b83e9eda0a85d
SHA1

00d881819445fb423adb68545986c50fb5889dd4
SHA256

6f6ee24d416bffaefa0123fcc822ac8c66f44d4daa0aba3e19fb5802bfed9664
SHA512

8929f9f2563a9cffde05c9579919f44d9286a0ad0440982bd5f5f7994ccbea84667eb7b9385e773fc694b946fd2ee507c619f9754c48a40d3b4037fea3f8f653
SSDEEP

49152:nO86cdLSZnhoIum89jjh7zYqA/e6w4X2MFkkaZnrFjz:nToOIs9jhfYqA/LX9zaZZ/

Score

10^/10

Malware Config

Extracted

Family

aurora

C2

217.195.155.154:8081

Extracted

Family

purecrypter

C2

https://megalinkbj.com.br/images/img/css/www/soul/EitherInstitution_1_Cpoenwyi.jpg

Targets

- Target
  
  2870a473e49673e2f6feb3d6e0792de6.exe.vir
- Size
  
  4.9MB
- MD5
  
  2870a473e49673e2f6feb3d6e0792de6
- SHA1
  
  39f016a1a81b29579be1221a49d9f8449e41b613
- SHA256
  
  55913852c201a5d380a8f20372c058db1cb0e093b4714b05d10516f5fccc7290
- SHA512
  
  6fd8c3c7bc28ffa6f605c1a9deb9d5f0be7f38dc133eafe83af20b0bb3ea7745c549bd256447163bf0c470d07efadfd3939415f7876537e3e587f33c1fc4a4cd
- SSDEEP
  
  49152:1oL3J54rb/TBvO90dL3BmAFd4A64nsfJ6HXWQ987QoL4z9jGLofnVTQMUnmECIbe:I0sQo+Bpan9E/awMSe+
Score

1^/10
behavioral1 behavioral2
- Target
  
  5b198d1272b07fa5c8880604f17a4d65.exe.vir
- Size
  
  145KB
- MD5
  
  5b198d1272b07fa5c8880604f17a4d65
- SHA1
  
  a65b4960479dcb25b7b6d43a1743776f416ce434
- SHA256
  
  9d1040b85717169f5d87bea082725b90d4d858c33ce5e88b198afc4ba68b9ce9
- SHA512
  
  53d5268b63018e373945929a5067f86486d7790437186cfd79d49414edd432825e788f9844bbe7b0d0a93d5ece0af6fbbc82f08cbf49754d259c87ba88ea4a02
- SSDEEP
  
  3072:9wLEVbLoEZljy9611VBzEkjqr15MX7aSJpiGmpN:9RXy9611VBzwU2SPiGmz
Score

1^/10
behavioral3 behavioral4
- Target
  
  7d41dd6194db2b9b1514ad154451bb7a.exe.vir
- Size
  
  383KB
- MD5
  
  7d41dd6194db2b9b1514ad154451bb7a
- SHA1
  
  3c2597920f384ee5152754e410594c078bc14fe5
- SHA256
  
  a5d3a4578fd5979a7e3fe324b7c329e5b853c1c739e73428d77ade897c113e44
- SHA512
  
  f32284fb34ac82dab3f88c110b51c3ffbf8b6705a96cc472c05dfe083a25ccd9ea3695590d577236f40f5f55778712a4f74251a05056249c31cfe8a7f3182019
- SSDEEP
  
  768:kSvNWMz7EVXU/hVJ+7hSYfGJsQO849wk9ESnGCuqqyUq60atL+Qs1eIeRgiSlmmu:VI47GyTGCwiSnmQUt0LB1eIus5gDB
Score

10^/10

purecrypter discovery downloader loader persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Purecrypter family
  purecrypter
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral5