MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77cda0e40715ba31b558029eb58ca2684a265d684d23aa6993ce1faee2534842. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AuroraStealer

Vendor detections: 7



SHA256 hash: 77cda0e40715ba31b558029eb58ca2684a265d684d23aa6993ce1faee2534842
SHA3-384 hash: 37d0ce9a7c7d4d3a3e507ee017fdadaf7e3db342d24976b3e4d0ae75ad5f78ecfb730b6f3602db506dc32d3585f2bda3
SHA1 hash: c62b0416213a8d2aa21cfe6a76f4baab66308d2a
MD5 hash: fa9a7e15af8b99dfd12edc96f5234f17
humanhash: island-mango-white-grey
File name: Launcher.exe
Signature: AuroraStealer
File size: 10'420'224 bytes
First seen: 2022-11-18 06:27:57 UTC
Last seen: 2022-11-18 08:56:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash a134c70472750a73bd9faac2db8b0d3a (2 x RedLineStealer, 1 x AuroraStealer)
ssdeep 196608:BqiD1AeBJ9anmsL6ltPzcKsec03Ji40tn1M2IDg99X:BqC93kniltLcn+87tsgr
Threatray 85 similar samples on MalwareBazaar
TLSH T143A6236E62483358C81EC4385433BD19F5B6416F0AE9E9BE72DB7BC063AE401DB46B17
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter iamdeadlyz
Tags: 45-15-156-22 AuroraStealer exe FakeImpulseGame Kraken StellarImpact


Iamdeadlyz
From stellarimpact.io (impersonation of impulse.game | Twitter: @impulse_imp - 1447500345169563651)
Zip pw: StellarImpactBeta
De-pump of c72d781eec5d8c5ced29bd8d88f20aaf7ed962fe30f467d1378fb6c19e2a01ad
Stealer C&C: 45.15.156.22:8081

Intelligence


File Origin
# of uploads: 3
# of downloads: 289
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: Launcher.exe
Verdict: No threats detected
Analysis date: 2022-11-18 06:30:39 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour
Creating synchronization primitives
Creating a file

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed

Result
Verdict: MALICIOUS

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Machine Learning detection for sample
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Behaviour
Behavior Graph:

Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2022-11-18 06:28:24 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 7 of 26 (26.92%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting

Verdict: Informative
Tags: n/a
YARA: n/a
Unpacked files
SHA256 hash: 77cda0e40715ba31b558029eb58ca2684a265d684d23aa6993ce1faee2534842
MD5 hash: fa9a7e15af8b99dfd12edc96f5234f17
SHA1 hash: c62b0416213a8d2aa21cfe6a76f4baab66308d2a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb_YARAify
Author: @wowabiy314
Description: PDB

File information


The table below shows additional information about this malware sample such as delivery method and external references.

f088d45c62fe01b5c0b95248e651e3f2130bf615d02b33c97c16b6bbf8885238
AuroraStealer

Executable exe 77cda0e40715ba31b558029eb58ca2684a265d684d23aa6993ce1faee2534842 (this sample)

Dropped by: SHA256 f088d45c62fe01b5c0b95248e651e3f2130bf615d02b33c97c16b6bbf8885238
Dropped by: SHA256 c72d781eec5d8c5ced29bd8d88f20aaf7ed962fe30f467d1378fb6c19e2a01ad

Delivery method: Distributed via web download

Comments