Severity
Medium
Analysis Summary
Aurora Stealer is an information-stealing malware family that harvests sensitive data from infected computers. Key points about Aurora Stealer are as follows:
- Delivery mechanism: Aurora Stealer is typically delivered to the infected computer through phishing emails or malicious websites. The attacker may use social engineering tactics to trick the user into downloading and installing the malware.
- Information-stealing capabilities: Once installed on the infected computer, Aurora Stealer can gather a wide range of sensitive information, such as login credentials, financial information, and personal data. The malware may use various techniques to steal this information, such as keylogging, screen capture, and clipboard monitoring.
- Obfuscation techniques: Aurora Stealer uses advanced obfuscation techniques, such as code packing, to evade detection and analysis by security software. The malware may also use living-off-the-land (LotL) tactics, which allow it to execute malicious payloads using legitimate tools and processes already present on the infected computer. This can make it more difficult for security software to detect the malicious activity.
- Command and control (C2) communication: Aurora Stealer uses a network communication mechanism to communicate with the attacker-controlled server, known as a Command and Control (C2) server. The C2 server is used to receive the stolen information and issue commands to the infected computer. The network communication may be encrypted to evade detection and analysis by security software.
- Code analysis: A code analysis of Aurora Stealer can provide insight into its capabilities, behavior, and underlying code. This can help security researchers and organizations understand how the malware operates and identify any vulnerabilities that can be exploited to defend against it.
- Behavioral analysis: Behavioral analysis of Aurora Stealer can provide insight into its actions on the infected computer and identify indicators of compromise (IOCs) that can be used to detect or disrupt its operation. This can help security researchers and organizations understand the malware's behavior and develop more effective defense strategies.
Threat to organizations: Aurora Stealer poses a significant threat to organizations, as it can steal sensitive information that can be used for malicious purposes, such as financial fraud, identity theft, and the sale of stolen data on the dark web. The advanced obfuscation techniques used by the malware make it difficult for security software to detect and defend against it.
Impact
- Credential Theft
- Unauthorized Access
- Information Theft
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Maintain daily backups of all computer networks and servers.
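One way to act on the "search for IOCs in your environment" step above, as an added example that is not part of the original advisory: a small Python scanner that hashes files with the three families the advisory publishes (MD5, SHA-1, SHA-256) and matches them against an IOC list written in the advisory's "- <hash>" form. The file, directory and hashes used in demo() are constructed placeholders, not real indicators.

```python
import hashlib
import tempfile
from pathlib import Path

# The three hash families the advisory lists its indicators in.
HASH_ALGOS = ("md5", "sha1", "sha256")


def hash_file(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for one file, reading it in chunks so large files fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def load_iocs(lines):
    """Parse advisory-style lines ('MD5', '- <hex>', ...) into a set of lowercase hex digests.
    Section headers and anything that is not a 32/40/64-character hex string are ignored."""
    iocs = set()
    for line in lines:
        value = line.strip().lstrip("-").strip().lower()
        if len(value) in (32, 40, 64) and all(c in "0123456789abcdef" for c in value):
            iocs.add(value)
    return iocs


def scan_tree(root, iocs):
    """Walk root recursively; return [(path, algo, digest)] for every file whose hash is an IOC."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            digests = hash_file(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole scan
        for algo, digest in digests.items():
            if digest in iocs:
                hits.append((str(path), algo, digest))
    return hits


def demo():
    """Run the scanner on constructed files in a temp directory (placeholder bytes, not malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "dropper.exe"  # constructed placeholder file name
        sample.write_bytes(b"CONSTRUCTED PLACEHOLDER BYTES - stands in for a flagged binary")
        (Path(tmp) / "notes.txt").write_text("benign file, should not match")
        # Constructed IOC list: header line plus the SHA-256 of the placeholder, advisory style.
        ioc_lines = ["SHA-256", "- " + hashlib.sha256(sample.read_bytes()).hexdigest()]
        return scan_tree(tmp, load_iocs(ioc_lines))


if __name__ == "__main__":
    for path, algo, digest in demo():
        print(f"IOC match: {path} ({algo}={digest})")
```

Point load_iocs() at the advisory's hash lines and scan_tree() at a mount or user profile to get a first-pass sweep; EDR or file-integrity tooling remains the place for continuous coverage.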