win.aurora_stealer

Aurora Stealer


First advertised as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums in April 2022, Aurora Stealer is a Golang-based information stealer with downloading and remote access capabilities. The malware targets data from multiple browsers, cryptocurrency wallets, and local systems, and can act as a loader. During execution, the malware runs several commands through WMIC to collect basic host information, captures a desktop screenshot, and exfiltrates data to the C2 server within a single base64-encoded JSON file.

References
2023-07-11 | Spamhaus | Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra, AsyncRAT, Aurora Stealer, Ave Maria, BumbleBee, Cobalt Strike, DCRat, Havoc, IcedID, ISFB, NjRAT, QakBot, Quasar RAT, RecordBreaker, RedLine Stealer, Remcos, Rhadamanthys, Sliver, Tofsee

2023-06-15 | eSentire | RussianPanda
eSentire Threat Intelligence Malware Analysis: Aurora Stealer
Aurora Stealer

2023-05-14 | Medium | Denshi Yūrei
Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer
AMOS, Aurora Stealer, TitanStealer

2023-04-23 | d01a | Mohamed Adel
exposing the internals of Aurora Stealer Builder
Aurora Stealer

2023-04-23 | OALabs | Sergei Frankoff
in2al5dp3in4er Loader
Aurora Stealer

2023-04-13 | d01a | Mohamed Adel
Aurora Stealer deep dive Analysis
Aurora Stealer

2023-03-24 | loginsoft | Saharsh Agrawal
Aurora: The Dark Dawn and its Menacing Effects
Aurora Stealer

2023-01-18 | SANS ISC | Brad Duncan
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer

2022-11-21 | Sekoia | Pierre Le Bourhis, Quentin Bourgue, Threat & Detection Research Team
Aurora: a rising stealer flying under the radar
Aurora Stealer

2022-11-02 | Sekoia | Quentin Bourgue, sekoia, Threat & Detection Research Team
BlueFox Stealer: a newcomer designed for traffers teams
Aurora Stealer, BlueFox

There is no Yara-Signature yet.