a310logger | aae211073286323b13bb03ad59c97ad540a46b7f89eb68f172d3358b5f055350 | Triage

Submit
Reports

Overview

overview

Static

static

doc3723636...44.exe

windows7_x64

doc3723636...44.exe

windows10_x64

Sharing

General

Target

doc3723636638837373344.r00
Size

511KB
Sample

211104-m9cwnsdeeq
MD5

0fdb4585a8f321beb53f8275eb4abc80
SHA1

d897b42e511218f711d40479c5fadad1a0531ecd
SHA256

aae211073286323b13bb03ad59c97ad540a46b7f89eb68f172d3358b5f055350
SHA512

533e8bce320ad26008759ac9d3ad9fe3d09d9bf5714d78ae3778c5bc5e29487a0c0d6eff120bb47d0ac38983bbf23f108910e6affb9c7d7587710a2b20854f24

Score

10^/10

a310logger blustealer collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

doc3723636638837373344.exe

Resource

win7-en-20211014

a310logger blustealer collection spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

doc3723636638837373344.exe

Resource

win10-en-20210920

blustealer stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

blustealer

Credentials

Protocol: smtp
Host:
mail.yekamuhendislik.com
Port:
587
Username:
muhasebe@yekamuhendislik.com
Password:
MuhasebE123*

Targets

- Target
  
  doc3723636638837373344.exe
- Size
  
  546KB
- MD5
  
  bb0f727180c9b29e51c9ab2a9b4c539c
- SHA1
  
  ccd4d7a83603d2471aabb0caf2e1196b9193b586
- SHA256
  
  2b6b5926ec7e5d6acea355bbd8f43a89850ed85e0c3739edfad2608ead9f1573
- SHA512
  
  ce0670de14582f900b89149cb63fdfe171d188a1a7752d72ed068e57775c54557817acd09148d93725bd52456ed901de8e6b6d0fec0d064b24b46fa8dab7e5d5
Score

10^/10

a310logger blustealer collection spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- A310logger Executable
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

a310loggerblustealercollectionspywarestealer

behavioral2

blustealerstealer

© 2018-2024

Terms | Privacy