Aurora Stealer (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.aurora_stealer (Back to overview)

Aurora Stealer

First advertised as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums in April 2022, Aurora Stealer is a Golang-based information stealer with downloading and remote access capabilities. The malware targets data from multiple browsers, cryptocurrency wallets, local systems, and act as a loader. During execution, the malware runs several commands through WMIC to collect basic host information, snaps a desktop image, and exfiltrates data to the C2 server within a single base64-encoded JSON file.

References

2023-07-11 ⋅ Spamhaus ⋅ Spamhaus Malware Labs
Spamhaus Botnet Threat Update Q2 2023
Hydra AsyncRAT Aurora Stealer Ave Maria BumbleBee Cobalt Strike DCRat Havoc IcedID ISFB NjRAT QakBot Quasar RAT RecordBreaker RedLine Stealer Remcos Rhadamanthys Sliver Tofsee

2023-06-15 ⋅ eSentire ⋅ RussianPanda
eSentire Threat Intelligence Malware Analysis: Aurora Stealer
Aurora Stealer

2023-05-14 ⋅ Medium ⋅ Denshi Yūrei
Silent Echoes: The Hidden Dialogue among Malware Entities — Spotlight on AMOS InfoStealer
AMOS Aurora Stealer TitanStealer

2023-04-23 ⋅ d01a ⋅ Mohamed Adel
exposing the internals of Aurora Stealer Builder
Aurora Stealer

2023-04-23 ⋅ OALabs ⋅ Sergei Frankoff
in2al5dp3in4er Loader
Aurora Stealer

2023-04-13 ⋅ d01a ⋅ Mohamed Adel
Aurora Stealer deep dive Analysis
Aurora Stealer

2023-03-24 ⋅ loginsoft ⋅ Saharsh Agrawal
Aurora: The Dark Dawn and its Menacing Effects
Aurora Stealer

2023-01-18 ⋅ SANS ISC ⋅ Brad Duncan
Malicious Google Ad --> Fake Notepad++ Page --> Aurora Stealer malware
Aurora Stealer

2022-11-21 ⋅ Sekoia ⋅ sekoia, Threat & Detection Research Team
Aurora: a rising stealer flying under the radar
Aurora Stealer

2022-11-02 ⋅ Sekoia ⋅ sekoia, Threat & Detection Research Team
BlueFox Stealer: a newcomer designed for traffers teams
Aurora Stealer BlueFox

There is no Yara-Signature yet.

Aurora Stealer Propose Change

References

Aurora Stealer