General
-
Target
Halkbank_Ekstre_20211110089273_0838736543566.exe
-
Size
762KB
-
Sample
211011-qsy95ahdbl
-
MD5
a9ad148eb1e943000ff55d94820da73c
-
SHA1
4131afbaa43d4c405e5e5c046065d12456cf8d22
-
SHA256
980ff35a7cf5a6557b96df3d9956a133163d91d1691ccf7c1b752bdc0aa4ff2b
-
SHA512
5c88f18eee0ec5e04b9f582f327f1fa125657c4ca9c6b1160ca6dcb900662f7e52529475a6867dbfecca04b69d816dd52ba99bb479fd2e6e4f7165f7af460a22
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank_Ekstre_20211110089273_0838736543566.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
Halkbank_Ekstre_20211110089273_0838736543566.exe
Resource
win10-en-20210920
Malware Config
Extracted
blustealer
Protocol: smtp
Host: mail.enche.com
Port: 587
Username: [email protected]
Password: Merchandise08012021
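The extracted configuration above is the stealer's exfiltration channel: an SMTP submission (port 587) to mail.enche.com authenticated with the operator's own mailbox credentials, which is also why the Suricata hits on this sample fire on SMTP. The block below is an added example, not code from the sandbox report or from the malware family, showing how a responder can turn that config and the sample hashes into indicators and run them over log records. The flow records, the MAIL_CLIENTS allow-list and the placeholder base64 username are constructed assumptions; the redacted username from the report is carried through unchanged and never used as an indicator.

```python
"""Added example, not part of the sandbox report: turn the extracted SMTP config and the
sample hashes into indicators and run them over constructed log records.
Everything marked 'constructed' or 'assumed' below is illustrative and not from the report."""
import base64
import hashlib
import re

# The config exactly as the report prints it. The username is redacted in the source page,
# so it is carried through unchanged and never used as an indicator.
EXTRACTED_CONFIG = """Protocol: smtp
Host: mail.enche.com
Port: 587
Username: [email protected]
Password: Merchandise08012021"""

# File hashes from the report's General section.
SAMPLE_HASHES = {
    "md5": "a9ad148eb1e943000ff55d94820da73c",
    "sha1": "4131afbaa43d4c405e5e5c046065d12456cf8d22",
    "sha256": "980ff35a7cf5a6557b96df3d9956a133163d91d1691ccf7c1b752bdc0aa4ff2b",
}

# Assumed allow-list of processes that legitimately speak SMTP AUTH on a workstation.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def parse_config(text: str) -> dict:
    """Parse 'Key: value' lines into a dict keyed by lower-case field name."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def network_iocs(cfg: dict) -> dict:
    """Derive network indicators from the config.

    SMTP AUTH LOGIN transmits the username and the password as two separate base64
    lines, so the base64 of the configured password is a content match that still
    works even though the username is redacted here. The operator's mailbox is the
    exfil channel, so host and submission port are the durable indicators.
    """
    return {
        "host": cfg["host"],
        "port": cfg["port"],
        "password_b64": base64.b64encode(cfg["password"].encode()).decode(),
    }


def match_flow(flow: dict, iocs: dict) -> list:
    """Return the reasons one flow record matches the exfil config (empty list = clean)."""
    reasons = []
    if flow.get("dst_host") == iocs["host"] and flow.get("dst_port") == iocs["port"]:
        reasons.append("outbound submission to the configured exfil mail host")
    payload = flow.get("payload", "")
    if iocs["password_b64"] in payload:
        reasons.append("AUTH LOGIN password from the extracted config seen on the wire")
    if re.search(r"^AUTH LOGIN\b", payload, re.M) and flow.get("process", "").lower() not in MAIL_CLIENTS:
        reasons.append("SMTP authentication from a process that is not a mail client")
    return reasons


def scan_flows(flows: list, iocs: dict) -> list:
    """Return (index, reasons) for every flow that matches at least one indicator."""
    hits = []
    for i, flow in enumerate(flows):
        reasons = match_flow(flow, iocs)
        if reasons:
            hits.append((i, reasons))
    return hits


def hash_matches(data: bytes) -> dict:
    """Compare a file's digests against the report's hashes (True = same sample)."""
    return {
        "md5": hashlib.md5(data).hexdigest() == SAMPLE_HASHES["md5"],
        "sha1": hashlib.sha1(data).hexdigest() == SAMPLE_HASHES["sha1"],
        "sha256": hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"],
    }


# Constructed flow records in the shape a process-aware network sensor would emit.
# The third payload is what an AUTH LOGIN with the extracted credentials looks like
# before STARTTLS; the base64 username is a placeholder because the real one is redacted.
CONSTRUCTED_FLOWS = [
    {"process": "Halkbank_Ekstre_20211110089273_0838736543566.exe",
     "dst_host": "mail.enche.com", "dst_port": 587,
     "payload": "EHLO DESKTOP-01\r\nSTARTTLS\r\n"},
    {"process": "outlook.exe", "dst_host": "smtp.example.net", "dst_port": 587,
     "payload": "EHLO DESKTOP-01\r\nAUTH LOGIN\r\n"},
    {"process": "Halkbank_Ekstre_20211110089273_0838736543566.exe",
     "dst_host": "203.0.113.10", "dst_port": 587,
     "payload": "AUTH LOGIN\r\ncmVkYWN0ZWQ=\r\nTWVyY2hhbmRpc2UwODAxMjAyMQ==\r\n"},
]

if __name__ == "__main__":
    iocs = network_iocs(parse_config(EXTRACTED_CONFIG))
    for index, reasons in scan_flows(CONSTRUCTED_FLOWS, iocs):
        print(index, CONSTRUCTED_FLOWS[index]["process"], reasons)
```

Once the client issues STARTTLS the AUTH LOGIN lines travel encrypted, so the password-based content match only fires on a plaintext submission or behind TLS inspection; the host and port match is the one to rely on in network telemetry, and the mailbox credentials themselves are what to hand to the mail provider for takedown.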
Targets
-
Target
Halkbank_Ekstre_20211110089273_0838736543566.exe
-
Size
762KB
-
MD5
a9ad148eb1e943000ff55d94820da73c
-
SHA1
4131afbaa43d4c405e5e5c046065d12456cf8d22
-
SHA256
980ff35a7cf5a6557b96df3d9956a133163d91d1691ccf7c1b752bdc0aa4ff2b
-
SHA512
5c88f18eee0ec5e04b9f582f327f1fa125657c4ca9c6b1160ca6dcb900662f7e52529475a6867dbfecca04b69d816dd52ba99bb479fd2e6e4f7165f7af460a22
-
A310logger
A310 Logger (also tracked as BluStealer, the family name under which the config above was extracted) is a .NET stealer/logger that harvests passwords from browsers and email clients and exfiltrates them over SMTP using hard-coded mailbox credentials.
-
suricata: ET MALWARE a310Logger Stealer Exfil (SMTP)
-
A310logger Executable
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext (together with "Executes dropped EXE", consistent with the payload being run via process hollowing: the entry point of a suspended child process is redirected before it is resumed)
-