
Severity
Medium
Analysis Summary
Aurora Stealer is an information-stealing malware that harvests sensitive data from infected computers. The key points about Aurora Stealer are as follows:
- Delivery mechanism: Aurora Stealer is typically delivered to the infected computer through phishing emails or malicious websites. The attacker may use social engineering tactics to trick the user into downloading and installing the malware.
- Information-stealing capabilities: Once installed on the infected computer, Aurora Stealer can gather a wide range of sensitive information, such as login credentials, financial information, and personal data. The malware may use various techniques to steal this information, such as keylogging, screen capture, and clipboard monitoring.
- Obfuscation techniques: Aurora Stealer uses advanced obfuscation techniques, such as code packing, to evade detection and analysis by security software. The malware may also use living-off-the-land (LotL) tactics, which allow it to execute malicious payloads using legitimate tools and processes already present on the infected computer. This can make it more difficult for security software to detect the malicious activity.
- Command and control (C2) communication: Aurora Stealer communicates over the network with an attacker-controlled Command and Control (C2) server, which receives the stolen information and issues commands to the infected computer. The traffic may be encrypted to hinder detection and analysis by security software.
- Code analysis: Static analysis of Aurora Stealer's code gives insight into its capabilities, behaviour, and implementation. This helps security researchers and organizations understand how the malware operates and identify weaknesses in it that defenders can use to detect or block it.
- Behavioural analysis: Dynamic analysis of Aurora Stealer on an infected computer reveals its actions and yields indicators of compromise (IOCs) that can be used to detect or disrupt it, which helps organizations develop more effective defence strategies.
- Threat to organizations: Aurora Stealer poses a significant threat to organizations because the stolen information can be used for financial fraud, identity theft, and sale on the dark web. Its obfuscation techniques make it harder for security software to detect and defend against.
Impact
- Credential Theft
- Unauthorized Access
- Information Theft
Indicators of Compromise
MD5
- 3d6bbb095f2800b2e08b55c4937b180e
- f1907ed511b211cc97f45eab65133900
- b7ad8dee0866020a2b55036360975815
- 560319d3d57710795b231f539256b452
SHA-256
- 21063fbe8f41527df5613ed1fec86e81f25e7649ecee571ec24115f8d40e0273
- 87e2ac245b2276d84c64ce5b1694c10b76176580978c98cfcd8a9f1832409513
- afdba8818e9f4f43f1cfb47544f26522aa5f0d9573248a6b9fde2a39666524ec
- 35d7bfaa55b73ca97da12fba7a06328783358576034ed126c1f727ed34effb68
SHA-1
- 53df8d471d1b0f5fd2b0d11f15c44c2a08e43130
- 14e8a3e0e7aec65b2cae4ad2c0fce34fbb19ae21
- aad4fec5dcc3d39d4f65b9b32710e9cbf5eeeb85
- 6d59ad14a0afa52ddf64c4df5ab118e30926caa1
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Maintain daily backups of all computer networks and servers.
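The "search for IOCs in your environment" step above can be carried out with a plain hash sweep. The Python below is an added example written for this advisory; it is not a vendor tool and not code from the advisory itself. It parses the hash list in the plain-text format used above (section header, then "- hash" lines), computes MD5, SHA-1 and SHA-256 of every regular file under a directory in a single pass, and reports files whose digest appears in the list. The demo directory and its two files are constructed for the example, and the second file's own SHA-256 is registered as an extra IOC so that the sweep has something to match, since no file carrying the advisory's real hashes is available offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# IOC block copied from the advisory above, in the advisory's own text format.
ADVISORY_IOCS = """
MD5
- 3d6bbb095f2800b2e08b55c4937b180e
- f1907ed511b211cc97f45eab65133900
- b7ad8dee0866020a2b55036360975815
- 560319d3d57710795b231f539256b452
SHA-256
- 21063fbe8f41527df5613ed1fec86e81f25e7649ecee571ec24115f8d40e0273
- 87e2ac245b2276d84c64ce5b1694c10b76176580978c98cfcd8a9f1832409513
- afdba8818e9f4f43f1cfb47544f26522aa5f0d9573248a6b9fde2a39666524ec
- 35d7bfaa55b73ca97da12fba7a06328783358576034ed126c1f727ed34effb68
SHA-1
- 53df8d471d1b0f5fd2b0d11f15c44c2a08e43130
- 14e8a3e0e7aec65b2cae4ad2c0fce34fbb19ae21
- aad4fec5dcc3d39d4f65b9b32710e9cbf5eeeb85
- 6d59ad14a0afa52ddf64c4df5ab118e30926caa1
"""

# Digest length in hex characters -> hashlib algorithm name. The length, not the
# section header, decides which digest an IOC is compared against, which also
# catches a hash that was filed under the wrong header.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def parse_iocs(text):
    """Parse the advisory's plain-text IOC list into {algo: set(lowercase hex)}."""
    iocs = {algo: set() for algo in HEX_LEN_TO_ALGO.values()}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("- "):
            continue  # section header or blank line
        value = line[2:].strip().lower()
        algo = HEX_LEN_TO_ALGO.get(len(value))
        if algo is None or any(c not in "0123456789abcdef" for c in value):
            raise ValueError(f"not a recognised hash: {value!r}")
        iocs[algo].add(value)
    return iocs


def hash_file(path, chunk_size=1 << 20):
    """Compute md5, sha1 and sha256 of a file in one pass over its bytes."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN_TO_ALGO.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def scan_tree(root, iocs):
    """Walk `root` and return [(path, algo, digest)] for every file whose digest
    is in `iocs`. Symlinks are skipped and unreadable files are ignored so that
    one permission error does not abort the whole sweep."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, digest in digests.items():
                if digest in iocs[algo]:
                    hits.append((str(path), algo, digest))
    return hits


def demo():
    """Constructed demo (not real telemetry): a scratch directory holding a benign
    text file and a stand-in 'sample' whose SHA-256 is added to the IOC set as if
    it had come from the feed. Returns the list of hits from the sweep."""
    iocs = parse_iocs(ADVISORY_IOCS)
    with tempfile.TemporaryDirectory() as tmp:
        benign = Path(tmp) / "notes.txt"
        benign.write_bytes(b"quarterly report draft\n")
        sample = Path(tmp) / "sample.bin"
        sample.write_bytes(b"constructed stand-in for a quarantined binary\n")
        iocs["sha256"].add(hash_file(sample)["sha256"])  # hypothetical extra IOC
        return scan_tree(tmp, iocs)


if __name__ == "__main__":
    for path, algo, digest in demo():
        print(f"MATCH {algo} {digest} {path}")
```

To sweep a real host, call `scan_tree("/path/to/check", parse_iocs(ADVISORY_IOCS))`. Hash IOCs are exact-match indicators: a repacked or re-obfuscated build of the same stealer produces entirely different digests, so a clean sweep rules out only these specific samples and should be paired with the behavioural indicators described in the analysis summary.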