Pulse Detail — Threat Intelligence

PULSE NAME

Analysis of AuraStealer, an emerging infostealer

WHITE PetrP.73 2026-03-04 Modified: 2026-04-03

513

IOCs

HIGH VOLUME

AuraStealer is a newly emerged infostealer attributed to a group of Russian-speaking developers, gaining traction in the cybercrime landscape since its appearance on hacker forums in July 2025. This malware has been associated with numerous campaigns and is reported to compete directly with existing threats such as Rhadamantys and Vidar. The malware utilizes an extensive command and control (C2) infrastructure comprising 48 domains, recently shifting from .SHOP to .CFD top-level domains (TLDs), which are more conducive to tracking by security researchers.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1497 T1041 T1030 T1573.001 T1070.001 T1074.001 T1602 T1005 T1119 T1113 T1115 T1518 T1057 T1082 T1552.001 T1539 T1555.003 T1555 T1070.004 T1480.001 T1518.001 T1497.003 T1497.001 T1562.006 T1140 T1027 T1055 T1106 T1204 T1059.001 T1204.001 T1204.002 T1566.002

MALWARE FAMILIES

AuraStealer

Indicators of Compromise (69 / 513 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	03992a581e99d78f5d0f7ebb243ef1fc	MD5 of ff7300280507ba4cd60a544cf1abf4bd005c3337cce1843bcb8519d4a379739e	2026-03-04
FileHash-MD5	04b002135b2e634a2ffc69254036ebb0	MD5 of bac52ffc8072893ff26cdbf1df1ecbcbb1762ded80249d3c9d420f62ed0dc202	2026-03-04
FileHash-MD5	0764142fbbeff845879db1d7c959f9ab	MD5 of e683db1a30ff19c51aaea8092ce62d1a8c33fab79ba12e90ac9a56475dcda3f2	2026-03-04
FileHash-MD5	0bbd7406b95420ea9f035eec4aa4a8ed	MD5 of 0223e39d9c26f065fabb1bcb8a1a03fe439bb18b8d14816646d8d236a6fd46a3	2026-03-04
FileHash-MD5	0c2ce2022580d905ab76d445a5c2dcf6	MD5 of fbdb4c1fc414138634af6f447fcf8a64d3a907e84a939a2d7ec4c94864bc5ce6	2026-03-04
FileHash-MD5	10247c75d40ad4ac7856f080afb8fc1c	MD5 of cd76c25558e50a4f0f4ac769e4e1e56153b0eb2f0aa4a15aee9bd795e006cb94	2026-03-04
FileHash-MD5	121ed4571722e5768e4d28069c31e507	MD5 of 2ba8b7ba45032c747065462728616a5f874fe78e58ce336c9214fee7b7066d66	2026-03-04
FileHash-MD5	139ef7c202e31101971d8c2bc9cbf80c	MD5 of 158369ad66ea4baceee19051425c21f657ffc1b3483ea812323816b612f324bd	2026-03-04
FileHash-MD5	1e9e4ef418018398aded999f953d67a4	MD5 of b86c73390c3416559bac49427b05dbdb4c25fc6551c4dcc3173baf8532690b1a	2026-03-04
FileHash-MD5	2203bb536948faaed33f44ff9e17ffed	MD5 of 5790d47278337174cc3c65a16ce75d759a776b9b8b176aa9e6493686fd3a0c70	2026-03-04
FileHash-MD5	2610f7511982b30b0fd053df5f7c9dbc	MD5 of e4b3613b91d9fa3ab7c3f2edc4becec8f55cc69ffb1de6fe9010ff20bf26ab39	2026-03-04
FileHash-MD5	2718e51d05d2b0e09520c62d4eff909b	MD5 of a271e0db3891f0000c85511ed766e5de6b47ceab5e43a0e2516bb4fe8f9c1b65	2026-03-04
FileHash-MD5	271fba299cbd512f2f5492c6208a44e5	MD5 of 3272967dad9daa78f252ec34fbbbaae7cfe43c730f6b4bcc6ca657c0c20c61a0	2026-03-04
FileHash-MD5	29d0e991d1850ad527028cf32e921c0a	MD5 of b6f45383ad76a415286d27b255737f5b908445a2f82b2f9ed26ca307d7582141	2026-03-04
FileHash-MD5	2fbc05fca6f4232b3121e4b5a7d02eb5	MD5 of a97c248320730f860fa05e66eb6fa2f0fabd880df6c4335c1316ff96a2172711	2026-03-04
FileHash-MD5	3914dad624571da7341a9cb57d9e1f6c	MD5 of c0059067172b5a1dcf7a4b6b3f6a13deef1a23209b188536927dbd53c71af782	2026-03-04
FileHash-MD5	487630351162eca19b7175133d61b1ea	MD5 of c56de27d16c41a73055a76714efbdc289a9b58dfadf3427f7937be0bb3ccab2c	2026-03-04
FileHash-MD5	53f6b43c77b5bd8775223135eab2916a	MD5 of 853342062e506b03ce3740481d51417d36853da948f89df288b040e9c874512b	2026-03-04
FileHash-MD5	5411f8bb242dae9e2910e5850617dbf4	MD5 of d5d1da10d75ba6b1544082b3c055486f8ac0cc0c461900062eea0436d1af3b2a	2026-03-04
FileHash-MD5	59144e15cac8f96b33263f485a3a0ed7	MD5 of 874db4ca5db163b737878830554592cdcf8b4deff6a8861b863e036507f66940	2026-03-04
FileHash-MD5	5e6123460ba09e3574be4e007574ef7a	MD5 of 37ad1161c498908a2ed3f6011aec8a65410ce36ed8554dccf5b02490dbb3cad0	2026-03-04
FileHash-MD5	66b597d27d0554b1504430138369859b	MD5 of d8124a523f64d1662304c5f2bda383e547d488e277b02e414c82ea7f85dd29c4	2026-03-04
FileHash-MD5	68dd0ff94d7226db4e0a98df2c64e52c	MD5 of cf8114a24c8fb284869d45d5da63c6399298fc37d6220b7a2b9f3523605332b6	2026-03-04
FileHash-MD5	68fa5696ee95d5b1b5d00cb6f6a0225d	MD5 of 16f2061c05939dab99f279a5fd712093ba711f9074b538c83d0956351e3b618f	2026-03-04
FileHash-MD5	69819fd0cfb11f2ce8f90bdfac5fa284	MD5 of 2f51b3ee72ea3ae2dcfbc4d0544ee21c2343ede86baef5b621c59ef680d95f7d	2026-03-04
FileHash-MD5	6a113d6b42421c9e6edc0fb2abcfcb76	MD5 of 58b11b4dc81d0b005b7d5ecae0fb6ddb3c31ad0e7a9abf9a7638169c51356fd8	2026-03-04
FileHash-MD5	6c07a1e4712c2fa86784ef4bacfc05d3	MD5 of bfd12c1acfb57e5d4e488e7b0025419de3ce9f028b6399ba07deda668584ac55	2026-03-04
FileHash-MD5	7db03e258090709014f85bdd33fa9d5c	MD5 of a9c47f10d5eb77d7d6b356be00b4814a7c1e5bb75739b464beb6ea03fc36cc85	2026-03-04
FileHash-MD5	7e380eab9e5320d8cd7194e7c7a4ae1c	MD5 of 3c005a52826afb893a9c76166b3c2e6ccdebf5be7d2fe8d0b7af57298881a024	2026-03-04
FileHash-MD5	7f53398c05f45095857d2abd4d3933d8	MD5 of a4dd26ed32c9fc6df421007e6cb8ff8b6ab4ae3cacae434d051aa0cd50436947	2026-03-04
FileHash-MD5	88c7f92737f37c4e21859891da4d073b	MD5 of 3073e7cb8d5e2bbc570d2db90735e1bde485e1c09e57a3e6786f7262d3761ad6	2026-03-04
FileHash-MD5	90bc169a2c327884f713d65cfc1ef9ab	MD5 of a3d10bfed09f482c20836670bf106c9f37ee2a9a2145d79ba78973d4ae8c90da	2026-03-04
FileHash-MD5	9149b449a89f24ebbc726c996a471ccf	MD5 of 68bfdc8e5485211e4a6b409d266c98f1f18fb2b5ac06c0b2b83fb724a03ab319	2026-03-04
FileHash-MD5	948fdb132065a92c063a2120b3a58a78	MD5 of c9b69a65597e7b886e680887396eff8c6d1e13fd0198f30f487ad69311c3a3d5	2026-03-04
FileHash-MD5	9c384a29e11990d4ab6c7c31451fc3f0	MD5 of a4863535d09ddb9fdc28330468e90bb7d5aeec17e08fbddcaefb408e3ffe352d	2026-03-04
FileHash-MD5	9e19eb231a7b70027205f2c83fd649f1	MD5 of d608e476823ee8b806209a9eae5c7f308ec4b36d85ce2c5c413acefd5992bf3a	2026-03-04
FileHash-MD5	a19735906cd44c9dd359bd436c3be383	MD5 of e7c3283b3a80e7d002b73a9d93dbe09cf35bfe2697982a1e09f83dc067ecb68a	2026-03-04
FileHash-MD5	a28ce83fcce61f05fbfb9bd9ba0f2710	MD5 of e4e51e4a5afd15d254713d72e6525b72dd992aab91c8c19ba1487c35ee951cbe	2026-03-04
FileHash-MD5	a2a27496acdf7c75c4bfab3aabe88ba8	MD5 of aa8a23249fbc943bdfb175ab67b3cd605a5db42da1db12d8c9a4384abc1ccb8c	2026-03-04
FileHash-MD5	a4b1d8b0a5943769357bae8f02be6670	MD5 of f6e7341ab412ef16076901ea5835f61fbc3e94d0b9f2813355576bad57376f29	2026-03-04
FileHash-MD5	aa626d0a781305a89ac221c9dca16c3f	MD5 of cbd003dbc0c53955c44d5f26bd3638105bf3c6ec22eae465a1e9f7e731ed88d7	2026-03-04
FileHash-MD5	aefc92f4372d6bac69993505fc270b8a	MD5 of a73f7ff2df033591c1821fc5a74d435d5718486a3fcd9030ac8b046abef61ed7	2026-03-04
FileHash-MD5	b01e9a5bf13160cd1f4bc1a8472652e6	MD5 of 86308716ab7e4917109ef59968a569e93d5ec0968384703af09535ad346a3cc9	2026-03-04
FileHash-MD5	b22cfb28093ae108a56e532311355017	MD5 of 8050c103258b0c31efe068e35ec9771cffe374e6d481211aba3c1ceb08d8d3b0	2026-03-04
FileHash-MD5	b2f9bdbe7da7fb73239cf12efb8484c2	MD5 of e91f79999728911847313f70ec1ac76ff5965b43c929bc4db7c2f55d62f353d2	2026-03-04
FileHash-MD5	b7804b033abf1cda5901aebf54843949	MD5 of e88c39ab1cd5dfd24999849b84a168f30a1d262843cd176f9ba70b54e74d8bea	2026-03-04
FileHash-MD5	c1282806ac7d827d7262d951b5222c84	MD5 of 52133028c5077f5a359f2b15a33a83591a963f7ca4f283be20fb681e31ee65b7	2026-03-04
FileHash-MD5	c3fa5ccfcaaf5b2e18051a7eb39675b7	MD5 of 6d6f34faa5b3a0026098a7f62c16930a55f2d144b5507c77a11d53dbae301dcb	2026-03-04
FileHash-MD5	c45ab1c7a3bd01d61fe71fcec6e42f18	MD5 of f7d0f099d042de83aa2d0a13100640bea49d28c77c2eb3087c0fb43ec0cd83d7	2026-03-04
FileHash-MD5	c4a74bc14c793e2ff31c9b200df1a549	MD5 of 0f6f0f85e227dc265fb3e020a7972d864588b3cb58085e1943ccc8907ef3b2df	2026-03-04
FileHash-MD5	c522d8e9ca4b11c30cc3ddd974ac2110	MD5 of d8e07214cbc8fae34e14c8e45c63ef3d968ce47cf0e01efd8d2b2a0091e5d2f2	2026-03-04
FileHash-MD5	c76830656480516c31a2ffa6f1c57f8e	MD5 of 613bcc83f843d129943420d4ff144ed211ba1c98b0d152cd6bbad9821f3e357b	2026-03-04
FileHash-MD5	c771d24e24ccb517bb1fabc1cbdb0fd6	MD5 of 301f6a0663124dba64530abcc876e5c0c30bbe7176765894ee054ab4810b59fc	2026-03-04
FileHash-MD5	ce223670524974b51445c29a61491712	MD5 of 701f5f9fe2a386456622ae19164990084df41e789c826e45fb56a2f5a4596036	2026-03-04
FileHash-MD5	cf7353d6c4689cc22c8996c16649a7a8	MD5 of f0f7ae1fc2d569b8b9267d2ec81f7e539db4beaf275bca41962c27ecfa5361bf	2026-03-04
FileHash-MD5	d0f4465f8a047b28389d3b46031159bc	MD5 of 0f06a09ffd1430a866396ef8c77cb6ffba80747179e6712fa7f021b4fa485bef	2026-03-04
FileHash-MD5	d5007d069ad2b18876c877326d04a7bd	MD5 of b4469dc52c6c92d64e5b01c0359a029e9452ffe51d5613936dc068ec83ebfcae	2026-03-04
FileHash-MD5	d6d679f39bf6cc64513a93f37535c881	MD5 of fd3875225c1ab60e6dc52fc8f94b4d389624592b7e7b57ee86e54cebe5d3eb6a	2026-03-04
FileHash-MD5	e399ba3b4791c3612db74cec75e87760	MD5 of ae3e1854d3859ed5abb59ca02fe3f6cd2f77481a562dfdc5eb2b83ce61d27641	2026-03-04
FileHash-MD5	e68e2f496d385252bad326ed97b076a1	MD5 of 4c92cd00c2950f738819a33e06925974a62285cfaa9441f51657a7772ab54e43	2026-03-04
FileHash-MD5	e7c98c443e387d684b9a2cb0aa3d7401	MD5 of f816558972f62d206757bad4a95ee75290615f520f3b24d814ffbcdfc6998c6c	2026-03-04
FileHash-MD5	eb27285c648db1985ead135748050618	MD5 of 85d3b4616c6878682b1c7e2125cfa59206711387159bc01df20db0a578b7a318	2026-03-04
FileHash-MD5	eeb93fee7f1b8f7372140418d3b3a018	MD5 of 01e67139b59eed0fe1fcb4c66a9e88ad20dd8b55648c077aec7fa2ae3431ea5f	2026-03-04
FileHash-MD5	efdf98fc871c023a23d79636520aa2d5	MD5 of efca5cb54a4d6d2ca903d477040ed004643d49cf78b8ff8c3fea312a03f55dfd	2026-03-04
FileHash-MD5	f1056f5f8f6fd4cde269ca50015930a8	MD5 of 7fad0ba68e3108922d462d3f2df6003bea9217e0271dc59c8632c647f17a8fa3	2026-03-04
FileHash-MD5	f1f26c1566be0ce54288f4b93370ae32	MD5 of 2e8ab2aac5c9c8e514d40fc496fcb22a188aae79d864ead34c64f1689d5892cf	2026-03-04
FileHash-MD5	f37b28e622c4f730e48847247d0a5801	MD5 of 6c87a3ef65339d9ea65513b866aa22a57aff972ab2cf7cf25fea4f64231dfb6f	2026-03-04
FileHash-MD5	f6b901d9a014776070f1596267b6d2d7	MD5 of f08c9abc6abce14ee55ea664881d7f7a2a7000f4161aeebae5cf18f62f2f291c	2026-03-04
FileHash-MD5	fa3ba7b470e2514798a4b621806af5f9	MD5 of 9a46c8d884f4c59701d3af7bead1e099e3ddeb1e2b75f98756cc5403d88bd370	2026-03-04

References (1)

↗ https://www.intrinsec.com/wp-content/uploads/2026/02/TLP-CLEAR-AuraStealer-EN.pdf