Extracted

• • Target

    a6c09767f7b9b02156bd3e4f67764e79

  • Size

    922KB

  • MD5

    a6c09767f7b9b02156bd3e4f67764e79

  • SHA1

    5aa1d0515cd9ca1802c872cd8a9354b65cef7463

  • SHA256

    2183dd8a07c328ff41cf8fedc06bdc9ec8166d6c11691cb6d379899318d8e555

  • SHA512

    5f7072604303b4bea39a1c4751e09eb8399d9a10984ba2ddb699680145c952fb71d180e3e56135d30aa9639e9f5ff3899a3e58a2b7ab5d0ec38b88f94f17aa50

  • SSDEEP

    24576:g831bHyqkkvaWB5DQaL+YFswDsd8U0Gdb:g83xjfa65DeYeCUr

  Score

  10^/10

  a310loggerblustealercollectionspywarestealer

  • A310logger

    A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    stealerspywarea310logger

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • A310logger Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2