General
-
Target
525c7562.exe
-
Size
392KB
-
Sample
220328-wtgpcsdag9
-
MD5
cb2378c76f2e317525717d7650443c9e
-
SHA1
4fafea299cc6a48a7e8823a32139e8632a72ea8f
-
SHA256
525c7562d9f07b07e1bf4a92543ab81576abc61c2ea074f82426b5f0f54df2ec
-
SHA512
67a4c1a620feca6f814427467a1a62f7246a72a65c3f1c74eef5ef37a2cccd39be21535734819f762c58f06ac2da2a2e5285c2aee186e025c73cb2701b2cd763
Static task
static1
Behavioral task
behavioral1
Sample
525c7562.exe
Resource
win7-20220311-en
Behavioral task
behavioral2
Sample
525c7562.exe
Resource
win10v2004-20220310-en
Malware Config
Targets
-
Target
525c7562.exe
-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
A310logger Executable
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-