win.aurora_stealer

Aurora Stealer


First advertised as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums in April 2022, Aurora Stealer is a Golang-based information stealer with downloading and remote access capabilities. The malware targets data from multiple browsers, cryptocurrency wallets, and local systems, and can also act as a loader. During execution, it runs several commands through WMIC to collect basic host information, captures a screenshot of the desktop, and exfiltrates the data to the C2 server in a single base64-encoded JSON file.

References
2023-01-18 | SANS ISC | Brad Duncan
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
https://isc.sans.edu/diary/rss/29448
Malware families: Aurora Stealer

2022-11-21 | Sekoia | sekoia, Threat & Detection Research Team
Aurora: a rising stealer flying under the radar
https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/
Malware families: Aurora Stealer

2022-11-02 | Sekoia | Threat & Detection Research Team, sekoia
BlueFox Stealer: a newcomer designed for traffers teams
https://blog.sekoia.io/bluefox-information-stealer-traffer-maas/
Malware families: Aurora Stealer, BlueFox

There is no Yara-Signature yet.