General

  • Target

    2025-06-03_6f7ba73a4d40d6ba25d2efe3aed41b2c_akira_rusty-stealer

  • Size

    12.3MB

  • Sample

    250603-zlqtvaej3z

  • MD5

    6f7ba73a4d40d6ba25d2efe3aed41b2c

  • SHA1

    1cb7ca65d6a9402f9d1c7f3da280811bb81c7862

  • SHA256

    ca4a420f3c9dcf112ee81603d13e4b0fcc063c002257adc5f08c2aac9dc9a3f7

  • SHA512

    d888a407184c996b6b7c463a6b7cc8b1ad4cdb06d6b173892859a55db49ce4b0a59a09ced4ab55eeab341941c5a1a8ee457b0599ed77aac79047f85dc167bb1b

  • SSDEEP

    196608:d+VhqcUFR0HEWQMKIoKq/aaNiLvO9qvrGCCgQKI8UeU16xaaSREspnfRbDYME/Gd:yqoEW2Cq/TiLW4T9Chs3

Targets

    • Aurotun

      Aurotun is a stealer written in C++.

    • Aurotun family

    • Detects Aurotun stealer

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Checks whether UAC is enabled

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Network Share Discovery

      Attempts to gather information on the host network.
