General

  • Target

    Parts enquiry.exe

  • Size

    792KB

  • Sample

    210830-h6eqdgwtls

  • MD5

    6a239782a002f49be71a6dfca139864c

  • SHA1

    6609a8974b80600598a64149340bad3989ecf780

  • SHA256

    722a5ea9b20e3a0b77f4f1628f763e46ccd4e87d284ac28997cec9874c479064

  • SHA512

    700385b2854878c8897a9733ac1288a67dfaa33bfeeef4a18286acfaf46e65a08cb2daec606edaee5421565e4f93508d254ae0834d466328174404db340b3b4a

Malware Config

Targets

    • Target

      Parts enquiry.exe

    • Size

      792KB

    • MD5

      6a239782a002f49be71a6dfca139864c

    • SHA1

      6609a8974b80600598a64149340bad3989ecf780

    • SHA256

      722a5ea9b20e3a0b77f4f1628f763e46ccd4e87d284ac28997cec9874c479064

    • SHA512

      700385b2854878c8897a9733ac1288a67dfaa33bfeeef4a18286acfaf46e65a08cb2daec606edaee5421565e4f93508d254ae0834d466328174404db340b3b4a

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks