General
-
Target
6628819927788177272-DEKONT.z
-
Size
506KB
-
Sample
211029-xwtx5safel
-
MD5
bbfd61990c777de919e74c84c51455c2
-
SHA1
5c818f84ea392f3ef9849bfe72f79effc036f00c
-
SHA256
596c6b2dd0bb2d17c1586d3f9c50634d8a4bf6c797d8e56c64c413074054c3ba
-
SHA512
f30eea22fb43104ae2a5416b4677a99db1baf76437be92ab33914a1e64068ad0145047d1c4c971c3864c935a98fe2ec0807d5009f81134cc98f41b38f564cad8
Static task
static1
Behavioral task
behavioral1
Sample
6628819927788177272-DEKONT.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
6628819927788177272-DEKONT.exe
Resource
win10-en-20211014
Malware Config
Targets
-
-
Target
6628819927788177272-DEKONT.exe
-
Size
561KB
-
MD5
ffe72c0b077d5f676be820489ecec81a
-
SHA1
cde15eab3928df21425863da28c42dd34b708f4e
-
SHA256
675b0dff6f40d1838f3e386abdb322f9491069f7b57a9fc1dd33fde9805d923b
-
SHA512
c4e475affe7225e77ef7f14acedd4ff14e37cab7efe792c85a8b60d3943e1662daa5a7bd42a2cb42a5dfe6962be6d512821a9126c791b9761bdef0cdf1fba03c
Score
10/10
-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
suricata: ET MALWARE a310Logger Stealer Exfil (SMTP)
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-