Pulse Detail — Threat Intelligence

PULSE NAME

Analysis of AuraStealer, an emerging infostealer

WHITE PetrP.73 2026-03-04 Modified: 2026-04-03

513

IOCs

HIGH VOLUME

AuraStealer is a newly emerged infostealer attributed to a group of Russian-speaking developers, gaining traction in the cybercrime landscape since its appearance on hacker forums in July 2025. This malware has been associated with numerous campaigns and is reported to compete directly with existing threats such as Rhadamantys and Vidar. The malware utilizes an extensive command and control (C2) infrastructure comprising 48 domains, recently shifting from .SHOP to .CFD top-level domains (TLDs), which are more conducive to tracking by security researchers.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1497 T1041 T1030 T1573.001 T1070.001 T1074.001 T1602 T1005 T1119 T1113 T1115 T1518 T1057 T1082 T1552.001 T1539 T1555.003 T1555 T1070.004 T1480.001 T1518.001 T1497.003 T1497.001 T1562.006 T1140 T1027 T1055 T1106 T1204 T1059.001 T1204.001 T1204.002 T1566.002

MALWARE FAMILIES

AuraStealer

Indicators of Compromise (70 / 513 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	02d692ec7319756e43dcc383ef4e838f7dfe4aac	SHA1 of 7fad0ba68e3108922d462d3f2df6003bea9217e0271dc59c8632c647f17a8fa3	2026-03-04
FileHash-SHA1	053bcfa564463c8aabe41a4e65fa4814ed9d3849	SHA1 of f816558972f62d206757bad4a95ee75290615f520f3b24d814ffbcdfc6998c6c	2026-03-04
FileHash-SHA1	0a5b47a9c4fb873ef141a9f0108176c261de1e76	SHA1 of a73f7ff2df033591c1821fc5a74d435d5718486a3fcd9030ac8b046abef61ed7	2026-03-04
FileHash-SHA1	0f4c2c04e4d5a49773446766661bb573d3c46a79	SHA1 of 4c92cd00c2950f738819a33e06925974a62285cfaa9441f51657a7772ab54e43	2026-03-04
FileHash-SHA1	17e722a164ef8f3ead9b24929be1a658aa7b6dba	SHA1 of e91f79999728911847313f70ec1ac76ff5965b43c929bc4db7c2f55d62f353d2	2026-03-04
FileHash-SHA1	17f41f213d09ecd6fe6ee674bf94e700e0667e99	SHA1 of d5d1da10d75ba6b1544082b3c055486f8ac0cc0c461900062eea0436d1af3b2a	2026-03-04
FileHash-SHA1	1ea80a0b523f662a2f9e8ce835863954c208b203	SHA1 of b86c73390c3416559bac49427b05dbdb4c25fc6551c4dcc3173baf8532690b1a	2026-03-04
FileHash-SHA1	28e1cae97f2f693eff81ce478ad9a8b71591ee1e	SHA1 of d608e476823ee8b806209a9eae5c7f308ec4b36d85ce2c5c413acefd5992bf3a	2026-03-04
FileHash-SHA1	2b73dd2fb546566cc49ebae573316b749f53de0f	SHA1 of a4dd26ed32c9fc6df421007e6cb8ff8b6ab4ae3cacae434d051aa0cd50436947	2026-03-04
FileHash-SHA1	2f90a4ec18c2597debdd5610aa3a3922f17d195c	SHA1 of 68bfdc8e5485211e4a6b409d266c98f1f18fb2b5ac06c0b2b83fb724a03ab319	2026-03-04
FileHash-SHA1	311dd20de782fe655db4bacf4e3a53ed09c9ef59	SHA1 of 853342062e506b03ce3740481d51417d36853da948f89df288b040e9c874512b	2026-03-04
FileHash-SHA1	3248a9eb0db16fcc608c39cf383516fb4450a935	SHA1 of 3272967dad9daa78f252ec34fbbbaae7cfe43c730f6b4bcc6ca657c0c20c61a0	2026-03-04
FileHash-SHA1	3814a95f436291e1a3fee56277cc939ae556433e	SHA1 of a3d10bfed09f482c20836670bf106c9f37ee2a9a2145d79ba78973d4ae8c90da	2026-03-04
FileHash-SHA1	3956c8dcacb4e5a18f9e59283028eb7fcc70406e	SHA1 of 8050c103258b0c31efe068e35ec9771cffe374e6d481211aba3c1ceb08d8d3b0	2026-03-04
FileHash-SHA1	39c0e9ce5bf5ef64e546d1acfea88dd245723aa4	SHA1 of 58b11b4dc81d0b005b7d5ecae0fb6ddb3c31ad0e7a9abf9a7638169c51356fd8	2026-03-04
FileHash-SHA1	3f4a72be117c9dfac8288a69fa3b7b5f28940026	SHA1 of fbdb4c1fc414138634af6f447fcf8a64d3a907e84a939a2d7ec4c94864bc5ce6	2026-03-04
FileHash-SHA1	48aa98acff4c0beb4f3ac315dcef37c7f8cf9164	SHA1 of a4863535d09ddb9fdc28330468e90bb7d5aeec17e08fbddcaefb408e3ffe352d	2026-03-04
FileHash-SHA1	4973caab1b94174fec3aafa95bb167ab40521d05	SHA1 of cf8114a24c8fb284869d45d5da63c6399298fc37d6220b7a2b9f3523605332b6	2026-03-04
FileHash-SHA1	4b1f3f77b522c990bf64da8eb80d516b6f742bb8	SHA1 of 613bcc83f843d129943420d4ff144ed211ba1c98b0d152cd6bbad9821f3e357b	2026-03-04
FileHash-SHA1	4c3c94c5f0165d63fb7ce91537a4d321c346061c	SHA1 of 85d3b4616c6878682b1c7e2125cfa59206711387159bc01df20db0a578b7a318	2026-03-04
FileHash-SHA1	5afb9c271a13afa6461d3453a364e16e7947ffc9	SHA1 of cbd003dbc0c53955c44d5f26bd3638105bf3c6ec22eae465a1e9f7e731ed88d7	2026-03-04
FileHash-SHA1	5ec7eb54f1a7dc7821cdfa7ff1476f20acfd3181	SHA1 of a9c47f10d5eb77d7d6b356be00b4814a7c1e5bb75739b464beb6ea03fc36cc85	2026-03-04
FileHash-SHA1	6351779b91ddce65e7476974ec6da2b8cfb72376	SHA1 of 52133028c5077f5a359f2b15a33a83591a963f7ca4f283be20fb681e31ee65b7	2026-03-04
FileHash-SHA1	69accada971e24cb51173e2ede5e36ed9e2cca68	SHA1 of 0f06a09ffd1430a866396ef8c77cb6ffba80747179e6712fa7f021b4fa485bef	2026-03-04
FileHash-SHA1	6c926690fc5460fdded445b18e7998a61341b382	SHA1 of a97c248320730f860fa05e66eb6fa2f0fabd880df6c4335c1316ff96a2172711	2026-03-04
FileHash-SHA1	73cc62a746a1b51f244f5e7de9cdd7d82c0e43d5	—	2026-03-04
FileHash-SHA1	763e9111db13f8bc07e38f96934e10d01dce4c07	SHA1 of 0f6f0f85e227dc265fb3e020a7972d864588b3cb58085e1943ccc8907ef3b2df	2026-03-04
FileHash-SHA1	774922feb104cd3c020c4d45b5b33cb2233f7e19	SHA1 of 0223e39d9c26f065fabb1bcb8a1a03fe439bb18b8d14816646d8d236a6fd46a3	2026-03-04
FileHash-SHA1	7a7b90c524dc90c15479701680788e1cddd5d46a	SHA1 of bac52ffc8072893ff26cdbf1df1ecbcbb1762ded80249d3c9d420f62ed0dc202	2026-03-04
FileHash-SHA1	7ea3e4dbeb8a6499d62a355fe87d79f762c27669	SHA1 of c9b69a65597e7b886e680887396eff8c6d1e13fd0198f30f487ad69311c3a3d5	2026-03-04
FileHash-SHA1	817b1b477a37fb228bd38720ea6018ee98baa187	SHA1 of d8124a523f64d1662304c5f2bda383e547d488e277b02e414c82ea7f85dd29c4	2026-03-04
FileHash-SHA1	83276f4947ae50c87d41efc98392a88dd51f9a26	SHA1 of 01e67139b59eed0fe1fcb4c66a9e88ad20dd8b55648c077aec7fa2ae3431ea5f	2026-03-04
FileHash-SHA1	835c33d227365c4f499f90226832331661a7ff87	SHA1 of 6d6f34faa5b3a0026098a7f62c16930a55f2d144b5507c77a11d53dbae301dcb	2026-03-04
FileHash-SHA1	83863b9afc35a6c8200b944e6d89e33040188e7d	SHA1 of 37ad1161c498908a2ed3f6011aec8a65410ce36ed8554dccf5b02490dbb3cad0	2026-03-04
FileHash-SHA1	85a0b99230c555ccaaa3c2b0c4be5456ef3b48c0	SHA1 of c0059067172b5a1dcf7a4b6b3f6a13deef1a23209b188536927dbd53c71af782	2026-03-04
FileHash-SHA1	88ef0437653bf1e8b2ea0d15e2af35f05654ea4b	SHA1 of e4b3613b91d9fa3ab7c3f2edc4becec8f55cc69ffb1de6fe9010ff20bf26ab39	2026-03-04
FileHash-SHA1	8ac09bc50dd2502a7e0cbba76c4a607cc925da2a	SHA1 of 701f5f9fe2a386456622ae19164990084df41e789c826e45fb56a2f5a4596036	2026-03-04
FileHash-SHA1	8c53969fb9fc7af4cc517eeb2bef4341e87860e7	SHA1 of fd3875225c1ab60e6dc52fc8f94b4d389624592b7e7b57ee86e54cebe5d3eb6a	2026-03-04
FileHash-SHA1	9859b86f553b970cc1376f3efd51256e4b4d7249	SHA1 of 2e8ab2aac5c9c8e514d40fc496fcb22a188aae79d864ead34c64f1689d5892cf	2026-03-04
FileHash-SHA1	9dce6dffa5910bc59726d454e4395f73176b729d	SHA1 of b4469dc52c6c92d64e5b01c0359a029e9452ffe51d5613936dc068ec83ebfcae	2026-03-04
FileHash-SHA1	9e660b67418c95dcafe7d5da2c160225376cd91a	SHA1 of e683db1a30ff19c51aaea8092ce62d1a8c33fab79ba12e90ac9a56475dcda3f2	2026-03-04
FileHash-SHA1	9f085876ed2b0f7af0a4ea69f6bc381de1cf7ae8	SHA1 of 3c005a52826afb893a9c76166b3c2e6ccdebf5be7d2fe8d0b7af57298881a024	2026-03-04
FileHash-SHA1	a1818dac3670eebea410e4680830bc882e65fb77	SHA1 of efca5cb54a4d6d2ca903d477040ed004643d49cf78b8ff8c3fea312a03f55dfd	2026-03-04
FileHash-SHA1	a2c6c717aa075dff60943147e41613ceaf8caeaa	SHA1 of c56de27d16c41a73055a76714efbdc289a9b58dfadf3427f7937be0bb3ccab2c	2026-03-04
FileHash-SHA1	a41fc5675cf3fec5f13414726b0bc3d76689abcc	SHA1 of ae3e1854d3859ed5abb59ca02fe3f6cd2f77481a562dfdc5eb2b83ce61d27641	2026-03-04
FileHash-SHA1	a431f6e7ea5f4538d127164dda4b4c096e7333fe	SHA1 of 6c87a3ef65339d9ea65513b866aa22a57aff972ab2cf7cf25fea4f64231dfb6f	2026-03-04
FileHash-SHA1	a54d8a8eabf4156d7568b5377e74ab4e246fbf9d	SHA1 of e7c3283b3a80e7d002b73a9d93dbe09cf35bfe2697982a1e09f83dc067ecb68a	2026-03-04
FileHash-SHA1	aa730b24402101e62901963ad883613455bece39	SHA1 of f0f7ae1fc2d569b8b9267d2ec81f7e539db4beaf275bca41962c27ecfa5361bf	2026-03-04
FileHash-SHA1	ae2446a4db4580f3b345fdf045ce1371ca102735	SHA1 of b6f45383ad76a415286d27b255737f5b908445a2f82b2f9ed26ca307d7582141	2026-03-04
FileHash-SHA1	af4fcc2917212775afd37a2f31e48a7871d1e78e	SHA1 of f7d0f099d042de83aa2d0a13100640bea49d28c77c2eb3087c0fb43ec0cd83d7	2026-03-04
FileHash-SHA1	b91a600806d8e455470478cb605eefb067b47fa4	SHA1 of 301f6a0663124dba64530abcc876e5c0c30bbe7176765894ee054ab4810b59fc	2026-03-04
FileHash-SHA1	ba19bc0e6d4cd9f5ee563e8a674772e8d446b07d	SHA1 of 86308716ab7e4917109ef59968a569e93d5ec0968384703af09535ad346a3cc9	2026-03-04
FileHash-SHA1	bc4c815af058f8f9ea8db7b056154b6a3efe25e5	SHA1 of bfd12c1acfb57e5d4e488e7b0025419de3ce9f028b6399ba07deda668584ac55	2026-03-04
FileHash-SHA1	c1a4a4dd15fba54491fa4b629e3bc9f6fbaea25a	SHA1 of e88c39ab1cd5dfd24999849b84a168f30a1d262843cd176f9ba70b54e74d8bea	2026-03-04
FileHash-SHA1	c3a7aa88a04caff742ffe6cfc907c65f27eb3233	SHA1 of f08c9abc6abce14ee55ea664881d7f7a2a7000f4161aeebae5cf18f62f2f291c	2026-03-04
FileHash-SHA1	d19ebaf9b5768c5070842d2cfae6e7f9ee872c43	SHA1 of 5790d47278337174cc3c65a16ce75d759a776b9b8b176aa9e6493686fd3a0c70	2026-03-04
FileHash-SHA1	d1d08ade5e932765464e417bdc6a8052b74f12cd	SHA1 of a271e0db3891f0000c85511ed766e5de6b47ceab5e43a0e2516bb4fe8f9c1b65	2026-03-04
FileHash-SHA1	d4f1a2369596af672dce1dded82c889140feb0fe	SHA1 of 158369ad66ea4baceee19051425c21f657ffc1b3483ea812323816b612f324bd	2026-03-04
FileHash-SHA1	d58de2427a3b2084aba1845977c3007c4a33553a	SHA1 of 3073e7cb8d5e2bbc570d2db90735e1bde485e1c09e57a3e6786f7262d3761ad6	2026-03-04
FileHash-SHA1	d75fd7437eceeffd8cf2228f475baebb2f9e343a	SHA1 of cd76c25558e50a4f0f4ac769e4e1e56153b0eb2f0aa4a15aee9bd795e006cb94	2026-03-04
FileHash-SHA1	df10c6e1512fdd30ceee3a388ea816763218208a	SHA1 of f6e7341ab412ef16076901ea5835f61fbc3e94d0b9f2813355576bad57376f29	2026-03-04
FileHash-SHA1	e227666c4823f6f1bd0a5cb1656baa374f5ec45a	SHA1 of ff7300280507ba4cd60a544cf1abf4bd005c3337cce1843bcb8519d4a379739e	2026-03-04
FileHash-SHA1	e4222c2405fc3abf7079bdaa6d4ddac87ca7435a	SHA1 of 9a46c8d884f4c59701d3af7bead1e099e3ddeb1e2b75f98756cc5403d88bd370	2026-03-04
FileHash-SHA1	e56a02a4667cd36aa529a782eaed3d037de52699	SHA1 of d8e07214cbc8fae34e14c8e45c63ef3d968ce47cf0e01efd8d2b2a0091e5d2f2	2026-03-04
FileHash-SHA1	ebccec9073972a5f50e1e1017b12f5d3c3296e27	SHA1 of e4e51e4a5afd15d254713d72e6525b72dd992aab91c8c19ba1487c35ee951cbe	2026-03-04
FileHash-SHA1	eccbed9fc255b4af3de3cdf4a1756f2f1a48e417	SHA1 of 16f2061c05939dab99f279a5fd712093ba711f9074b538c83d0956351e3b618f	2026-03-04
FileHash-SHA1	edfd98fabcd5571f6281385707007e36f922578e	SHA1 of 2ba8b7ba45032c747065462728616a5f874fe78e58ce336c9214fee7b7066d66	2026-03-04
FileHash-SHA1	f379624c2357477a37026e904fdc2c941f7c4bec	SHA1 of aa8a23249fbc943bdfb175ab67b3cd605a5db42da1db12d8c9a4384abc1ccb8c	2026-03-04
FileHash-SHA1	f75d94b0e6cbc3cfab75056b1a1d4d10457244a1	SHA1 of 874db4ca5db163b737878830554592cdcf8b4deff6a8861b863e036507f66940	2026-03-04
FileHash-SHA1	fcfe02cf6d17ccfdd1818350d2fa523a2886178c	SHA1 of 2f51b3ee72ea3ae2dcfbc4d0544ee21c2343ede86baef5b621c59ef680d95f7d	2026-03-04

References (1)

↗ https://www.intrinsec.com/wp-content/uploads/2026/02/TLP-CLEAR-AuraStealer-EN.pdf