Analysis
max time kernel: 120s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 15-01-2024 01:48
Behavioral task: behavioral1
Sample: 5bd21f7284be33d64ad3bf5d8a3451c1.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 5bd21f7284be33d64ad3bf5d8a3451c1.exe
Resource: win10v2004-20231215-en
General
Target: 5bd21f7284be33d64ad3bf5d8a3451c1.exe
Size: 687KB
MD5: 5bd21f7284be33d64ad3bf5d8a3451c1
SHA1: 3352f0aac96baf7a92a5fce411e6ff113c3faa48
SHA256: 94cc127463d03b9a48943c7e034d0859b60968ac7b86d1fbbd3e3ca6b36677d8
SHA512: 525623417de1a24158ceb9a7e8262832dd2ab694f0fac5a0537f15444f5a27d747f1dee60725d0fe9e58d0ddf1f6e963bb6d6efb46801c91776b4114151f3671
SSDEEP: 12288:gcEZadB74YDfjgbmeNMuUZiiA2COmv/90AQL0W:gzabLDSmsUtyV90DL3
Malware Config
Signatures
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

A310logger Executable (1 IoCs)
resource | yara_rule
behavioral1/memory/1364-0-0x0000000000B40000-0x0000000000BF2000-memory.dmp | a310logger

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Accesses Microsoft Outlook profiles (1 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 5bd21f7284be33d64ad3bf5d8a3451c1.exe
Key opened | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 5bd21f7284be33d64ad3bf5d8a3451c1.exe
Key opened | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 5bd21f7284be33d64ad3bf5d8a3451c1.exe

outlook_office_path (1 IoCs)
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 5bd21f7284be33d64ad3bf5d8a3451c1.exe

outlook_win_path (1 IoCs)
description | ioc | Process
Key opened | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | 5bd21f7284be33d64ad3bf5d8a3451c1.exe