General

  • Target

    RFQ k Peikko proposal,pdf.exe

  • Size

    1.0MB

  • Sample

    210809-2kzefgtwgs

  • MD5

    b44f95c332073b28fe95157f470f8f2a

  • SHA1

    ab9265412559d4992d540aa11f05d73e4f544374

  • SHA256

    fdb6b5f3b83553b83111bd61152a4c4bd29996d778d6c118f52f01abd9435fe5

  • SHA512

    25bd35d5bd9d233d9f0bc21afa1af51c2326a252d3afe16f65a22f17ec85bd7a73529b24f4408d20aa0aec84dc79339574f4e57f1876f480bbb6b23cc5aa8f4d

Malware Config

Targets

    • Target

      RFQ k Peikko proposal,pdf.exe

    • Size

      1.0MB

    • MD5

      b44f95c332073b28fe95157f470f8f2a

    • SHA1

      ab9265412559d4992d540aa11f05d73e4f544374

    • SHA256

      fdb6b5f3b83553b83111bd61152a4c4bd29996d778d6c118f52f01abd9435fe5

    • SHA512

      25bd35d5bd9d233d9f0bc21afa1af51c2326a252d3afe16f65a22f17ec85bd7a73529b24f4408d20aa0aec84dc79339574f4e57f1876f480bbb6b23cc5aa8f4d

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks