a310logger | 2b6b5926ec7e5d6acea355bbd8f43a89850ed85e0c3739edfad2608ead9f1573 | Triage

Submit
Reports

Overview

overview

Static

static

doc3723636...44.exe

windows7_x64

doc3723636...44.exe

windows10_x64

Sharing

General

Target

doc3723636638837373344.exe
Size

546KB
Sample

211104-lml1dsgbg2
MD5

bb0f727180c9b29e51c9ab2a9b4c539c
SHA1

ccd4d7a83603d2471aabb0caf2e1196b9193b586
SHA256

2b6b5926ec7e5d6acea355bbd8f43a89850ed85e0c3739edfad2608ead9f1573
SHA512

ce0670de14582f900b89149cb63fdfe171d188a1a7752d72ed068e57775c54557817acd09148d93725bd52456ed901de8e6b6d0fec0d064b24b46fa8dab7e5d5

Score

10^/10

a310logger blustealer collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

doc3723636638837373344.exe

Resource

win7-en-20210920

a310logger blustealer collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

doc3723636638837373344.exe

Resource

win10-en-20211014

a310logger blustealer collection spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.yekamuhendislik.com
Port:
587
Username:
muhasebe@yekamuhendislik.com
Password:
MuhasebE123*

Targets

- Target
  
  doc3723636638837373344.exe
- Size
  
  546KB
- MD5
  
  bb0f727180c9b29e51c9ab2a9b4c539c
- SHA1
  
  ccd4d7a83603d2471aabb0caf2e1196b9193b586
- SHA256
  
  2b6b5926ec7e5d6acea355bbd8f43a89850ed85e0c3739edfad2608ead9f1573
- SHA512
  
  ce0670de14582f900b89149cb63fdfe171d188a1a7752d72ed068e57775c54557817acd09148d93725bd52456ed901de8e6b6d0fec0d064b24b46fa8dab7e5d5
Score

10^/10

a310logger blustealer collection spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- A310logger Executable
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

a310loggerblustealercollectionspywarestealer

behavioral2

a310loggerblustealercollectionspywarestealer

© 2018-2024

Terms | Privacy