Auriga
Description
The AURIGA malware family shares a large amount of functionality with the bangat backdoor. The malware family contains functionality for keystroke logging, creating and killing processes, performing file system and registry modifications, spawning interactive command shells, performing process injection, logging off the current user, and shutting down the local machine. The AURIGA malware contains a driver component which is used to inject the malware DLL into other processes. This driver can also perform process and IP connection hiding. The malware family will create a copy of cmd.exe to perform its C2 activity, and replace the ‘Microsoft corp’ strings in the cmd.exe binary with different values. The malware family typically maintains persistence by installing itself as a service.
Names
| Name |
|---|
| Auriga |
| Riodrv |
Category
Malware
Type
- Backdoor
- Keylogger
Information
- https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
- http://contagiodump.blogspot.com/2013/03/mandiant-apt1-samples-categorized-by.html
Malpedia
Other Information
Uuid
2f8361b0-f1d1-4cc4-9c67-642df54a181a
Last Card Change
2020-04-23