win.aurora_stealer

Aurora Stealer


First advertised as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums in April 2022, Aurora Stealer is a Golang-based information stealer with downloading and remote access capabilities. The malware targets data from multiple browsers, cryptocurrency wallets, and local systems, and can act as a loader. During execution, the malware runs several commands through WMIC to collect basic host information, takes a screenshot of the desktop, and exfiltrates the data to the C2 server in a single base64-encoded JSON file.

References
2023-05-14 | Medium | Denshi Yūrei
@online{yrei:20230514:silent:9e16bf5, author = {Denshi Yūrei}, title = {{Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer}}, date = {2023-05-14}, organization = {Medium}, url = {https://denshiyurei.medium.com/silent-echoes-the-hidden-dialogue-among-malware-entities-spotlight-on-amos-infostealer-6d7cd70e3219}, language = {English}, urldate = {2023-05-15} } Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer
AMOS Aurora Stealer TitanStealer
2023-04-23 | d01a | Mohamed Adel
@online{adel:20230423:exposing:f6a4b57, author = {Mohamed Adel}, title = {{exposing the internals of Aurora Stealer Builder}}, date = {2023-04-23}, organization = {d01a}, url = {https://d01a.github.io/aurora-stealer-builder/}, language = {English}, urldate = {2023-04-25} } exposing the internals of Aurora Stealer Builder
Aurora Stealer
2023-04-23 | OALabs | Sergei Frankoff
@online{frankoff:20230423:in2al5dp3in4er:7117c1b, author = {Sergei Frankoff}, title = {{in2al5dp3in4er Loader}}, date = {2023-04-23}, organization = {OALabs}, url = {https://research.openanalysis.net/in2al5dp3in4er/loader/analysis/sandbox/invalid%20printer/2023/04/23/in2al5dp3in4er.html}, language = {English}, urldate = {2023-05-02} } in2al5dp3in4er Loader
Aurora Stealer
2023-04-13 | d01a | Mohamed Adel
@online{adel:20230413:aurora:05f3c4a, author = {Mohamed Adel}, title = {{Aurora Stealer deep dive Analysis}}, date = {2023-04-13}, organization = {d01a}, url = {https://d01a.github.io/aurora-stealer/}, language = {English}, urldate = {2023-04-14} } Aurora Stealer deep dive Analysis
Aurora Stealer
2023-03-24 | loginsoft | Saharsh Agrawal
@online{agrawal:20230324:aurora:0c417c4, author = {Saharsh Agrawal}, title = {{Aurora: The Dark Dawn and its Menacing Effects}}, date = {2023-03-24}, organization = {loginsoft}, url = {https://research.loginsoft.com/threat-research/aurora-the-dark-dawn-and-its-menacing-effects/}, language = {English}, urldate = {2023-04-12} } Aurora: The Dark Dawn and its Menacing Effects
Aurora Stealer
2023-01-18 | SANS ISC | Brad Duncan
@online{duncan:20230118:malicious:df039e8, author = {Brad Duncan}, title = {{Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware}}, date = {2023-01-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/29448}, language = {English}, urldate = {2023-01-19} } Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2022-11-21 | Sekoia | sekoia, Threat & Detection Research Team
@online{sekoia:20221121:aurora:243140b, author = {sekoia and Threat & Detection Research Team}, title = {{Aurora: a rising stealer flying under the radar}}, date = {2022-11-21}, organization = {Sekoia}, url = {https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/}, language = {English}, urldate = {2022-12-05} } Aurora: a rising stealer flying under the radar
Aurora Stealer
2022-11-02 | Sekoia | Threat & Detection Research Team, sekoia
@online{team:20221102:bluefox:142012b, author = {Threat & Detection Research Team and sekoia}, title = {{BlueFox Stealer: a newcomer designed for traffers teams}}, date = {2022-11-02}, organization = {Sekoia}, url = {https://blog.sekoia.io/bluefox-information-stealer-traffer-maas/}, language = {English}, urldate = {2022-12-05} } BlueFox Stealer: a newcomer designed for traffers teams
Aurora Stealer BlueFox

There is no Yara-Signature yet.