win.aurora_stealer

Aurora Stealer


First advertised as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums in April 2022, Aurora Stealer is a Golang-based information stealer with downloading and remote access capabilities. The malware targets data from multiple browsers, cryptocurrency wallets, and local systems, and can act as a loader. During execution, the malware runs several commands through WMIC to collect basic host information, captures a screenshot of the desktop, and exfiltrates the data to the C2 server in a single base64-encoded JSON file.

References
2023-07-11 · Spamhaus · Spamhaus Malware Labs
@techreport{labs:20230711:spamhaus:4e2885e, author = {Spamhaus Malware Labs}, title = {{Spamhaus Botnet Threat Update Q2 2023}}, date = {2023-07-11}, institution = {Spamhaus}, url = {https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q2%20Botnet%20Threat%20Update.pdf}, language = {English}, urldate = {2023-07-22} } Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee
2023-06-15 · eSentire · RussianPanda
@online{russianpanda:20230615:esentire:68fb84e, author = {RussianPanda}, title = {{eSentire Threat Intelligence Malware Analysis: Aurora Stealer}}, date = {2023-06-15}, organization = {eSentire}, url = {https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-aurora-stealer}, language = {English}, urldate = {2023-07-11} } eSentire Threat Intelligence Malware Analysis: Aurora Stealer
Aurora Stealer
2023-05-14 · Medium · Denshi Yūrei
@online{yrei:20230514:silent:9e16bf5, author = {Denshi Yūrei}, title = {{Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer}}, date = {2023-05-14}, organization = {Medium}, url = {https://denshiyurei.medium.com/silent-echoes-the-hidden-dialogue-among-malware-entities-spotlight-on-amos-infostealer-6d7cd70e3219}, language = {English}, urldate = {2023-05-15} } Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer
AMOS Aurora Stealer TitanStealer
2023-04-23 · d01a · Mohamed Adel
@online{adel:20230423:exposing:f6a4b57, author = {Mohamed Adel}, title = {{exposing the internals of Aurora Stealer Builder}}, date = {2023-04-23}, organization = {d01a}, url = {https://d01a.github.io/aurora-stealer-builder/}, language = {English}, urldate = {2023-04-25} } exposing the internals of Aurora Stealer Builder
Aurora Stealer
2023-04-23 · OALabs · Sergei Frankoff
@online{frankoff:20230423:in2al5dp3in4er:7117c1b, author = {Sergei Frankoff}, title = {{in2al5dp3in4er Loader}}, date = {2023-04-23}, organization = {OALabs}, url = {https://research.openanalysis.net/in2al5dp3in4er/loader/analysis/sandbox/invalid%20printer/2023/04/23/in2al5dp3in4er.html}, language = {English}, urldate = {2023-05-02} } in2al5dp3in4er Loader
Aurora Stealer
2023-04-13 · d01a · Mohamed Adel
@online{adel:20230413:aurora:05f3c4a, author = {Mohamed Adel}, title = {{Aurora Stealer deep dive Analysis}}, date = {2023-04-13}, organization = {d01a}, url = {https://d01a.github.io/aurora-stealer/}, language = {English}, urldate = {2023-04-14} } Aurora Stealer deep dive Analysis
Aurora Stealer
2023-03-24 · loginsoft · Saharsh Agrawal
@online{agrawal:20230324:aurora:0c417c4, author = {Saharsh Agrawal}, title = {{Aurora: The Dark Dawn and its Menacing Effects}}, date = {2023-03-24}, organization = {loginsoft}, url = {https://research.loginsoft.com/threat-research/aurora-the-dark-dawn-and-its-menacing-effects/}, language = {English}, urldate = {2023-04-12} } Aurora: The Dark Dawn and its Menacing Effects
Aurora Stealer
2023-01-18 · SANS ISC · Brad Duncan
@online{duncan:20230118:malicious:df039e8, author = {Brad Duncan}, title = {{Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware}}, date = {2023-01-18}, organization = {SANS ISC}, url = {https://isc.sans.edu/diary/rss/29448}, language = {English}, urldate = {2023-01-19} } Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer
2022-11-21 · Sekoia · sekoia, Threat & Detection Research Team
@online{sekoia:20221121:aurora:243140b, author = {sekoia and Threat & Detection Research Team}, title = {{Aurora: a rising stealer flying under the radar}}, date = {2022-11-21}, organization = {Sekoia}, url = {https://blog.sekoia.io/aurora-a-rising-stealer-flying-under-the-radar/}, language = {English}, urldate = {2022-12-05} } Aurora: a rising stealer flying under the radar
Aurora Stealer
2022-11-02 · Sekoia · Threat & Detection Research Team, sekoia
@online{team:20221102:bluefox:142012b, author = {Threat & Detection Research Team and sekoia}, title = {{BlueFox Stealer: a newcomer designed for traffers teams}}, date = {2022-11-02}, organization = {Sekoia}, url = {https://blog.sekoia.io/bluefox-information-stealer-traffer-maas/}, language = {English}, urldate = {2022-12-05} } BlueFox Stealer: a newcomer designed for traffers teams
Aurora Stealer BlueFox

There is no Yara-Signature yet.