Severity
Medium
Analysis Summary
Aurora Stealer is a type of information-stealing malware that targets sensitive information on infected computers. Its delivery, capabilities, and analysis are summarized as follows:
- Delivery mechanism: Aurora Stealer is typically delivered to the infected computer through phishing emails or malicious websites. The attacker may use social engineering tactics to trick the user into downloading and installing the malware.
- Information-stealing capabilities: Once installed on the infected computer, Aurora Stealer can gather a wide range of sensitive information, such as login credentials, financial information, and personal data. The malware may use various techniques to steal this information, such as keylogging, screen capture, and clipboard monitoring.
- Obfuscation techniques: Aurora Stealer uses advanced obfuscation techniques, such as code packing, to evade detection and analysis by security software. The malware may also use living-off-the-land (LotL) tactics, which allow it to execute malicious payloads using legitimate tools and processes already present on the infected computer. This can make it more difficult for security software to detect the malicious activity.
- Command and control (C2) communication: Aurora Stealer uses a network communication mechanism to communicate with the attacker-controlled server, known as a Command and Control (C2) server. The C2 server is used to receive the stolen information and issue commands to the infected computer. The network communication may be encrypted to evade detection and analysis by security software.
- Code analysis: A code analysis of Aurora Stealer can provide insight into its capabilities, behavior, and underlying code. This can help security researchers and organizations understand how the malware operates and identify any vulnerabilities that can be exploited to defend against it.
- Behavioural analysis: Behavioural analysis of Aurora Stealer can provide insight into its actions on the infected computer and identify any indicators of compromise (IOCs) that can be used to detect or disrupt its operation. This can help security researchers and organizations understand the malware’s behavior and develop more effective defense strategies.
- Threat to organizations: Aurora Stealer poses a significant threat to organizations, as it can steal sensitive information that can be used for malicious purposes, such as financial fraud, identity theft, and the sale of stolen data on the dark web. The advanced obfuscation techniques used by the malware make it difficult for security software to detect and defend against it.
Impact
- Credential Theft
- Unauthorized Access
- Information Theft
Indicators of Compromise
MD5
- 3f86ae3eda277ce822f282f28427f509
- daebcc41900bc89ee2c50e153a3d26ac
- 3ee5dfca3eadc77f2bf61894d582cc66
- 90afcf8555da3a44eb27c911f9cf1332
- 3c88de41a1fafab68ad70a0bcdfa7b9f
SHA-256
- 83c8c555f66e46623b425bc5d3baa3405447e742e2c02afd16110306f5bb1490
- d13ec3096398daa37bbc870ab323733353f3da106fdc56acef3802f597db9794
- e41b7fabc955a219901ab142402f9fb1c1c81e1923240fbe7ea1f9e4f57e46ad
- 929d7d7b689e671348083c0de50069032b836d8720d5fdf9988d2befdbb0ac4d
- 0a43971f0d73f2723b0b96526ddebcc07d89e1e3893a1692c412ab742fb5deca
SHA-1
- 9167b7673997c85b830f2b9a013c599d4b3cc236
- 18d4733403bf9e80aef8893e523c13572327fa22
- 17f5f51c3439e54b22df194968977653104298d2
- 88abed575491f7e48688eab6bccf8df31db0d336
- d8d6883d482598ce6ba1d4c942827adae9d13f73
Remediation
- Block all threat indicators at your respective controls.
- Search for Indicators of Compromise (IOCs) in your environment utilizing your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Maintain daily backups of all computer networks and servers.
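One way to act on the "search for IOCs" remediation step, as an added example that is not part of the advisory: a Python script that hashes files with all three algorithms the advisory lists (MD5, SHA-1, SHA-256) in a single pass and flags any file whose digest matches a hash from the Indicators of Compromise section above. The hash values are copied from this page; the function names (digest_bytes, digest_file, match_iocs, scan_tree) and the scan layout are my own assumptions, not a tool the advisory describes.

```python
import hashlib
import sys
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Hash values copied verbatim from the advisory's Indicators of Compromise section.
# Stored lowercase so lookups can normalise case before comparing.
IOC_HASHES: Dict[str, Set[str]] = {
    "md5": {
        "3f86ae3eda277ce822f282f28427f509",
        "daebcc41900bc89ee2c50e153a3d26ac",
        "3ee5dfca3eadc77f2bf61894d582cc66",
        "90afcf8555da3a44eb27c911f9cf1332",
        "3c88de41a1fafab68ad70a0bcdfa7b9f",
    },
    "sha1": {
        "9167b7673997c85b830f2b9a013c599d4b3cc236",
        "18d4733403bf9e80aef8893e523c13572327fa22",
        "17f5f51c3439e54b22df194968977653104298d2",
        "88abed575491f7e48688eab6bccf8df31db0d336",
        "d8d6883d482598ce6ba1d4c942827adae9d13f73",
    },
    "sha256": {
        "83c8c555f66e46623b425bc5d3baa3405447e742e2c02afd16110306f5bb1490",
        "d13ec3096398daa37bbc870ab323733353f3da106fdc56acef3802f597db9794",
        "e41b7fabc955a219901ab142402f9fb1c1c81e1923240fbe7ea1f9e4f57e46ad",
        "929d7d7b689e671348083c0de50069032b836d8720d5fdf9988d2befdbb0ac4d",
        "0a43971f0d73f2723b0b96526ddebcc07d89e1e3893a1692c412ab742fb5deca",
    },
}


def _new_hashers() -> Dict[str, "hashlib._Hash"]:
    """One hasher per algorithm the advisory publishes IOCs for."""
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of an in-memory buffer."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all three hash functions without loading it whole,
    so large files do not exhaust memory during a scan."""
    hashers = _new_hashers()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (algorithm, hash) pairs from `digests` that appear in IOC_HASHES.
    Input hashes may be any case; unknown algorithm keys are ignored."""
    hits: List[Tuple[str, str]] = []
    for algo, value in digests.items():
        value = value.lower()
        if value in IOC_HASHES.get(algo, set()):
            hits.append((algo, value))
    return hits


def scan_tree(root: Path) -> Dict[str, List[Tuple[str, str]]]:
    """Walk a directory, hash every regular file and report those matching an IOC.
    Files that cannot be read (permissions, transient errors) are skipped so one
    bad entry does not abort the whole scan."""
    findings: Dict[str, List[Tuple[str, str]]] = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            hits = match_iocs(digest_file(path))
        except OSError:
            continue
        if hits:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    # Usage: python ioc_scan.py /path/to/scan   (defaults to the current directory)
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for file_path, hits in scan_tree(target).items():
        for algo, value in hits:
            print(f"IOC MATCH {file_path} {algo}={value}")
```

Hashing with all three algorithms at once means a file is read only once even though the advisory lists three different digest types; matching is done on lowercase hex so IOCs pasted from other feeds with uppercase digits still hit. Hash-based IOCs only catch the exact samples listed, so treat a clean scan as absence of these specific files, not absence of the malware family.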