Analysis
-
max time kernel
91s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
15-01-2024 01:48
General
-
Target
5bd21f7284be33d64ad3bf5d8a3451c1.exe
-
Size
687KB
-
MD5
5bd21f7284be33d64ad3bf5d8a3451c1
-
SHA1
3352f0aac96baf7a92a5fce411e6ff113c3faa48
-
SHA256
94cc127463d03b9a48943c7e034d0859b60968ac7b86d1fbbd3e3ca6b36677d8
-
SHA512
525623417de1a24158ceb9a7e8262832dd2ab694f0fac5a0537f15444f5a27d747f1dee60725d0fe9e58d0ddf1f6e963bb6d6efb46801c91776b4114151f3671
-
SSDEEP
12288:gcEZadB74YDfjgbmeNMuUZiiA2COmv/90AQL0W:gzabLDSmsUtyV90DL3
Malware Config
Signatures
-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
A310logger Executable 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5bd21f7284be33d64ad3bf5d8a3451c1.exe"C:\Users\Admin\AppData\Local\Temp\5bd21f7284be33d64ad3bf5d8a3451c1.exe"1⤵
- Accesses Microsoft Outlook profiles
- outlook_office_path
- outlook_win_path
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\credentials.txtFilesize
691B
MD5055c857272026583a61e1b5821c69a24
SHA1ec39d34f16487682801dd2b319554cbed57feca4
SHA256190db16bb64995e3bdea04b9e6fc1994dacfea3253a7559732205b1d41362b84
SHA512d7833c4651683e95959107e05b07b60d2e963b9fbecd0106b329e2087d1dfc9aedb962b334e22b6b462699cbce86097d4d50ce5d1310ad098e3531efaa4e204b
-
memory/3016-0-0x0000000000960000-0x0000000000A12000-memory.dmpFilesize
712KB
-
memory/3016-1-0x00007FFE613E0000-0x00007FFE61EA1000-memory.dmpFilesize
10.8MB
-
memory/3016-8-0x00007FFE613E0000-0x00007FFE61EA1000-memory.dmpFilesize
10.8MB