General

  • Target

    ChromeRecovery.exe

  • Size

    67KB

  • Sample

    210824-hjckda27ca

  • MD5

    b3d0b8c065ad75dfd646829bc7c87735

  • SHA1

    629655f03b356ad46ae106855eb004c7be7098c0

  • SHA256

    61560f470822a249950e3d35574aae0ee9c93da31c1fd6f001c0cec97069a4fb

  • SHA512

    81539089391fb7aad33450a37ab57ec4a13c544a70ead868bc89f4e5d3d81dd948b4ea82c9ba1a780e03dfee608839b6acf2868f0ff6c0fc0fd2ef2fd6cf766e

Malware Config

Targets

    • Target

      ChromeRecovery.exe

    • Size

      67KB

    • MD5

      b3d0b8c065ad75dfd646829bc7c87735

    • SHA1

      629655f03b356ad46ae106855eb004c7be7098c0

    • SHA256

      61560f470822a249950e3d35574aae0ee9c93da31c1fd6f001c0cec97069a4fb

    • SHA512

      81539089391fb7aad33450a37ab57ec4a13c544a70ead868bc89f4e5d3d81dd948b4ea82c9ba1a780e03dfee608839b6acf2868f0ff6c0fc0fd2ef2fd6cf766e

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • A310logger Executable

    • Executes dropped EXE

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks