Behavioral task
behavioral1
Sample
3896-154-0x0000000000400000-0x00000000008ED000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
3896-154-0x0000000000400000-0x00000000008ED000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
3896-154-0x0000000000400000-0x00000000008ED000-memory.dmp
-
Size
4.9MB
-
MD5
fc00c815376fa11d9274746399bcc401
-
SHA1
54e79632cbdd951db095ebbaea6a6fd432d2adbd
-
SHA256
fa5c5c41aafb225620119cac0edb8d05299a099b08e22e18536befb08038de1f
-
SHA512
f36ffed7babfd539b24ecc1daa98d8391a8e7b57cc9cb827eadfaf91483cce7ffe3c28901ceb57988352b35acbe5a68e9e72345d33e7febd23de41bcda974a5b
-
SSDEEP
49152:bg9uAs33L6ebwirep8KphDWeTdp5N0O5rydUn5aQ5E8BIytGifV7FKc0iwA01PO:dX+eJ0FN9E8PG4V7eO
Malware Config
Extracted
aurora
185.106.93.153:8081
Signatures
-
Aurora family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 3896-154-0x0000000000400000-0x00000000008ED000-memory.dmp
Files
-
3896-154-0x0000000000400000-0x00000000008ED000-memory.dmp.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 330KB - Virtual size: 727KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.symtab Size: 512B - Virtual size: 4B
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ