General
-
Target
YTHK21082400.exe
-
Size
6KB
-
Sample
210927-rhadpahbf6
-
MD5
3ffff737bfe1a900b328599fe9da58b6
-
SHA1
64a930f90248f8e1702fc29a40860081076a7b38
-
SHA256
d27b2ee1f364b72f66ea452754cf56477c5028ab5c6ad0041fb97d9c40506639
-
SHA512
570813e30b91a93f916ec078b3aa2076062e8d2ca22f5b63fdc9708f86ce7444bc2d78f84e4d40ba349feb52133e8581ad3b7fc32cef44ead5c26f9d1e5fe984
Malware Config
Extracted
blustealer
Protocol: smtp- Host:
mail.enche.com - Port:
587 - Username:
[email protected] - Password:
Merchandise08012021
Targets
-
-
Target
YTHK21082400.exe
-
Size
6KB
-
MD5
3ffff737bfe1a900b328599fe9da58b6
-
SHA1
64a930f90248f8e1702fc29a40860081076a7b38
-
SHA256
d27b2ee1f364b72f66ea452754cf56477c5028ab5c6ad0041fb97d9c40506639
-
SHA512
570813e30b91a93f916ec078b3aa2076062e8d2ca22f5b63fdc9708f86ce7444bc2d78f84e4d40ba349feb52133e8581ad3b7fc32cef44ead5c26f9d1e5fe984
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
BluStealer
A Modular information stealer written in Visual Basic.
-
A310logger Executable
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-