General

  • Target

    ce65831bda3f16b3fced3bf207bf718a.exe

  • Size

    25.1MB

  • Sample

    250630-t3916atkx9

  • MD5

    ce65831bda3f16b3fced3bf207bf718a

  • SHA1

    89ad5f5c2c3a13292342dc7ee5f87db4cce3b07e

  • SHA256

    925bd273b5ad8eb206a1601453407f6c1d3c2a83fe589af93180064ee9a0e08c

  • SHA512

    5bc7408d348b368918aa3aee550a5801885dd403d2f5c65fc2fb84a40b3a698e2722f1fc8759210a7376247340b43b3917a6a94293b187771477667c4339898e

  • SSDEEP

    196608:S3k3b7xJxtHESFlDhN3AYp7/4Zhh32DKw6XzTW5iwCyMXQLdO2LGmSj6M2:Xb1Vk0Dh+5L32DKw6XzTMCyqQgOU8

Targets

    • Target

      ce65831bda3f16b3fced3bf207bf718a.exe

    • Aurotun

      Aurotun is a stealer written in C++.

    • Aurotun family

    • Detects Aurotun stealer

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v16