General

  • Target

    S00136402127536662.exe

  • Size

    588KB

  • Sample

    211028-rezjeagean

  • MD5

    1aad026baeaab0069ec257c151924481

  • SHA1

    e5f45813bb9baba4050bd3648851336470413f74

  • SHA256

    072285efab7216ad4a718dfc4208984dd2726c5357e71e5a9aac8ae7470b21d5

  • SHA512

    44636d5d298c5fab28a4fce3b765bb81809f8894fbec07a81890b5357361089a6fdbe164fa3c48db5b73390b8877e20c08568adf7958ba6bad0cb6d9e13b2198

Malware Config

Targets

    • Target

      S00136402127536662.exe

    • Size

      588KB

    • MD5

      1aad026baeaab0069ec257c151924481

    • SHA1

      e5f45813bb9baba4050bd3648851336470413f74

    • SHA256

      072285efab7216ad4a718dfc4208984dd2726c5357e71e5a9aac8ae7470b21d5

    • SHA512

      44636d5d298c5fab28a4fce3b765bb81809f8894fbec07a81890b5357361089a6fdbe164fa3c48db5b73390b8877e20c08568adf7958ba6bad0cb6d9e13b2198

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • suricata: ET MALWARE a310Logger Stealer Exfil (SMTP)

      suricata: ET MALWARE a310Logger Stealer Exfil (SMTP)

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks