Rewterz Threat Alert – Aurora Stealer – Active IOCs

Severity

Medium

Analysis Summary

Aurora Stealer is a type of information-stealing malware that targets sensitive information from infected computers. The activities aurora stealer performs are as follows:

• Delivery mechanism: Aurora Stealer is typically delivered to the infected computer through phishing emails or malicious websites. The attacker may use social engineering tactics to trick the user into downloading and installing the malware.
• Information-stealing capabilities: Once installed on the infected computer, Aurora Stealer can gather a wide range of sensitive information, such as login credentials, financial information, and personal data. The malware may use various techniques to steal this information, such as keylogging, screen capture, and clipboard monitoring.
• Obfuscation techniques: Aurora Stealer uses advanced obfuscation techniques, such as code packing, to evade detection and analysis by security software. The malware may also use living-off-the-land (LotL) tactics, which allow it to execute malicious payloads using legitimate tools and processes already present on the infected computer. This can make it more difficult for security software to detect the malicious activity.
• Command and control (C2) communication: Aurora Stealer uses a network communication mechanism to communicate with the attacker-controlled server, known as a Command and Control (C2) server. The C2 server is used to receive the stolen information and issue commands to the infected computer. The network communication may be encrypted to evade detection and analysis by security software.
• Code analysis: A code analysis of Aurora Stealer can provide insight into its capabilities, behavior, and underlying code. This can help security researchers and organizations understand how the malware operates and identify any vulnerabilities that can be exploited to defend against it.
• Behavioral analysis: Behavioural analysis of Aurora Stealer can provide insight into its actions on the infected computer and identify any indicators of compromise (IOCs) that can be used to detect or disrupt its operation. This can help security researchers and organizations understand the malware’s behavior and develop more effective defense strategies.

Aurora Stealer poses a significant threat to organizations, as it can steal sensitive information that can be used for malicious purposes, such as financial fraud, identity theft, and the sale of stolen data on the dark web. The advanced obfuscation techniques used by the malware make it difficult for security software to detect and defend against it.

Impact

• Credential Thefts
• Unauthorized Access
• Information Theft

Indicators of Compromise

MD5

• 138eefb81e72bbdf6bf009876f445c28
• 0cb1e47546d778ad888baee0f6c9b5ec
• 3df74698e0964dc8c5363d39a0537d74

SHA-256

• 53274ab4f9cebd26058061cd944614586a086d91cd9f36b679e3c8dccae84a7d
• c1853b7f39c854c19408c29f02fb13b883edcde8d61bd261cb8be0d2c8621dbe
• 50ed2d8e8d8d0509b7eb41eb7dd0b510b1d74d0fd283eccca2764a79c4e55493

SHA-1

• 14afd4156ca94a340e04547809088e6d5d51bc92
• 164220f9706f898d33dd76435c0603ea8972d2b3
• 070eb983cff0a83c77c3da4ff133ca37c0ade304

Remediation

• Block all threat indicators at your respective controls. Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Enable two-factor authentication (2FA) on your accounts adds an extra layer of security and can help prevent unauthorized access even if your login credentials have been stolen.
• Regularly backing up your important data can help ensure that you don’t lose any critical information in the event of a malware infection or other data loss event.
• Be wary of emails, attachments, and links from unknown sources. Also, avoid downloading software from untrusted sources or clicking on suspicious ads or pop-ups.
• Make sure all of your software, including your operating system and applications, are up-to-date with the latest security patches. This can help prevent vulnerabilities that could be exploited by Aurora Stealer and other types of malware.