Overview

overview

10

Static

static

6628819927...NT.exe

windows7_x64

10

6628819927...NT.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6628819927788177272-DEKONT.z

  • Size

    506KB

  • Sample

    211029-xwtx5safel

  • MD5

    bbfd61990c777de919e74c84c51455c2

  • SHA1

    5c818f84ea392f3ef9849bfe72f79effc036f00c

  • SHA256

    596c6b2dd0bb2d17c1586d3f9c50634d8a4bf6c797d8e56c64c413074054c3ba

  • SHA512

    f30eea22fb43104ae2a5416b4677a99db1baf76437be92ab33914a1e64068ad0145047d1c4c971c3864c935a98fe2ec0807d5009f81134cc98f41b38f564cad8

Score
10/10
a310loggercollectionspywarestealersuricata

Malware Config

Targets

    • Target

      6628819927788177272-DEKONT.exe

    • Size

      561KB

    • MD5

      ffe72c0b077d5f676be820489ecec81a

    • SHA1

      cde15eab3928df21425863da28c42dd34b708f4e

    • SHA256

      675b0dff6f40d1838f3e386abdb322f9491069f7b57a9fc1dd33fde9805d923b

    • SHA512

      c4e475affe7225e77ef7f14acedd4ff14e37cab7efe792c85a8b60d3943e1662daa5a7bd42a2cb42a5dfe6962be6d512821a9126c791b9761bdef0cdf1fba03c

    Score
    10/10
    a310loggercollectionspywarestealersuricata

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

      stealerspywarea310logger

    • suricata: ET MALWARE a310Logger Stealer Exfil (SMTP)

      suricata: ET MALWARE a310Logger Stealer Exfil (SMTP)

      suricata

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks