Full Report
2025-05-23 • abuse.ch • abuse.ch • win.aurotun_stealer
Analysis Summary
# Tool/Technique: AurotunStealer
## Overview
AurotunStealer is a malware family documented on MalwareBazaar, identified by the signature tag 'AurotunStealer'. The source is a MalwareBazaar/Malpedia reference page, which shows that abuse.ch has categorized and documented the family.
## Technical Details
- Type: Malware family
- Platform: Windows (Implied by the Malpedia entry `win.aurotun_stealer`)
- Capabilities: Information stealing/Exfiltration (Implied by the name "Stealer")
- First Seen: Not explicitly provided in the source; the cited catalogue entry is dated 2025-05-23.
## MITRE ATT&CK Mapping
*Note: Since the context is only a reference entry, specific MITRE mappings require external knowledge of the malware's behavior, which is not present here. The mapping below is based on the general classification of Information Stealers.*
- TA0010 - Exfiltration
  - T1041 - Exfiltration Over C2 Channel
- TA0009 - Collection
  - T1119 - Data from Local System
## Functionality
### Core Capabilities
- Stealing sensitive information from infected systems (Inferred from the 'Stealer' designation).
### Advanced Features
- Specific advanced features cannot be detailed based solely on the catalogue entry.
## Indicators of Compromise
- File Hashes: N/A (Not provided in the context snippet)
- File Names: N/A
- Registry Keys: N/A
- Network Indicators: N/A
- Behavioral Indicators: N/A
## Associated Threat Actors
- Not explicitly listed in the context snippet.
## Detection Methods
- Signature-based detection using the signature hash/tag: `AurotunStealer` on platforms like MalwareBazaar.
## Mitigation Strategies
- Standard defenses against malware infection, including endpoint protection, application whitelisting, and user awareness training.
## Related Tools/Techniques
- Other information stealer malware families.