Severity
Medium
Analysis Summary
Aurora Stealer is information-stealing malware that harvests sensitive data from infected computers. Its delivery, capabilities and the ways it can be analysed are summarized below:
- Delivery mechanism: Aurora Stealer is typically delivered to the victim's computer through phishing emails or malicious websites. The attacker may use social engineering tactics to trick the user into downloading and installing the malware.
- Information-stealing capabilities: Once installed, Aurora Stealer can gather a wide range of sensitive information, such as login credentials, financial information, and personal data. The malware may use various techniques to collect this information, such as keylogging, screen capture, and clipboard monitoring.
- Obfuscation techniques: Aurora Stealer uses advanced obfuscation techniques, such as code packing, to evade detection and analysis by security software. The malware may also use living-off-the-land (LotL) tactics, executing malicious payloads through legitimate tools and processes already present on the infected computer, which makes the malicious activity harder for security software to distinguish from normal use.
- Command and control (C2) communication: Aurora Stealer communicates over the network with an attacker-controlled server, known as a Command and Control (C2) server, which receives the stolen information and issues commands to the infected computer. This traffic may be encrypted to evade detection and analysis by security software.
- Code analysis: Analysing the code of Aurora Stealer provides insight into its capabilities, behavior, and implementation. This helps security researchers and organizations understand how the malware operates and identify weaknesses in it that defenders can use against it.
- Behavioral analysis: Analysing the behavior of Aurora Stealer on an infected computer reveals its actions and yields indicators of compromise (IOCs) that can be used to detect or disrupt its operation. This helps security researchers and organizations understand the malware's behavior and develop more effective defense strategies.
- Threat to organizations: Aurora Stealer poses a significant threat to organizations, as the information it steals can be used for financial fraud, identity theft, and sale on the dark web. The advanced obfuscation techniques used by the malware make it difficult for security software to detect and defend against.
Impact
- Credential Theft
- Unauthorized Access
- Information Theft
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for indicators of compromise (IOCs) in your environment using your respective security controls.
- Emails from unknown senders should always be treated with caution.
- Never trust or open links and attachments received from unknown sources/senders.
- Maintain daily backups of all computer networks and servers.