Resubmissions
11/03/2025, 15:04
250311-sfzq8swmt5 811/03/2025, 14:20
250311-rnmwzavmx7 811/03/2025, 13:45
250311-q2pr2svyby 810/03/2025, 19:09
250310-xtytbavzcs 810/03/2025, 19:01
250310-xplyysvxhz 810/03/2025, 18:29
250310-w42ghstps7 810/03/2025, 15:21
250310-srpqeazshz 410/03/2025, 14:53
250310-r9d6ysyxdv 810/03/2025, 14:46
250310-r5e8fsywes 609/03/2025, 18:14
250309-wvp25axvd1 10General
-
Target
test.txt
-
Size
18B
-
Sample
250221-xaa8xaxphn
-
MD5
5b3f97d48c8751bd031b7ea53545bdb6
-
SHA1
88be3374c62f23406ec83bb11279f8423bd3f88d
-
SHA256
d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
-
SHA512
ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6
Malware Config
Extracted
https://rentry.org/xau9i/raw
Targets
-
-
Target
test.txt
-
Size
18B
-
MD5
5b3f97d48c8751bd031b7ea53545bdb6
-
SHA1
88be3374c62f23406ec83bb11279f8423bd3f88d
-
SHA256
d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
-
SHA512
ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6
Score10/10-
Aurora
Aurora is a crypto wallet stealer written in Golang.
-
Aurora family
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Obfuscated Files or Information
1Command Obfuscation
1Subvert Trust Controls
2Install Root Certificate
1SIP and Trust Provider Hijacking
1