a310logger

General

Target

YTHK21082400.exe
Size

6KB
Sample

210927-rhadpahbf6
MD5

3ffff737bfe1a900b328599fe9da58b6
SHA1

64a930f90248f8e1702fc29a40860081076a7b38
SHA256

d27b2ee1f364b72f66ea452754cf56477c5028ab5c6ad0041fb97d9c40506639
SHA512

570813e30b91a93f916ec078b3aa2076062e8d2ca22f5b63fdc9708f86ce7444bc2d78f84e4d40ba349feb52133e8581ad3b7fc32cef44ead5c26f9d1e5fe984

Score

10^/10

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.enche.com
Port:
587
Username:
[email protected]
Password:
Merchandise08012021

Targets

- Target
  
  YTHK21082400.exe
- Size
  
  6KB
- MD5
  
  3ffff737bfe1a900b328599fe9da58b6
- SHA1
  
  64a930f90248f8e1702fc29a40860081076a7b38
- SHA256
  
  d27b2ee1f364b72f66ea452754cf56477c5028ab5c6ad0041fb97d9c40506639
- SHA512
  
  570813e30b91a93f916ec078b3aa2076062e8d2ca22f5b63fdc9708f86ce7444bc2d78f84e4d40ba349feb52133e8581ad3b7fc32cef44ead5c26f9d1e5fe984
Score

10^/10

a310logger blustealer collection spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- A310logger Executable
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

BluStealer

A310logger Executable

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads local data of messenger clients

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2