a310logger | fdb6b5f3b83553b83111bd61152a4c4bd29996d778d6c118f52f01abd9435fe5 | Triage

Submit
Reports

Overview

overview

Static

static

3

b44f95c332...2a.exe

windows7-x64

b44f95c332...2a.exe

windows10-2004-x64

Sharing

General

Target

b44f95c332073b28fe95157f470f8f2a
Size

1.0MB
Sample

240305-kyjhzabb4v
MD5

b44f95c332073b28fe95157f470f8f2a
SHA1

ab9265412559d4992d540aa11f05d73e4f544374
SHA256

fdb6b5f3b83553b83111bd61152a4c4bd29996d778d6c118f52f01abd9435fe5
SHA512

25bd35d5bd9d233d9f0bc21afa1af51c2326a252d3afe16f65a22f17ec85bd7a73529b24f4408d20aa0aec84dc79339574f4e57f1876f480bbb6b23cc5aa8f4d
SSDEEP

24576:TqLcMNjfhbU37ea2y1c+ExsjMW/GpsPzKnWjT9:QFhfhYa1yes4vqmnWv

Score

10^/10

a310logger blustealer collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b44f95c332073b28fe95157f470f8f2a.exe

Resource

win7-20240221-en

a310logger blustealer collection spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

b44f95c332073b28fe95157f470f8f2a.exe

Resource

win10v2004-20240226-en

a310logger blustealer collection spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1945669405:AAEo5Zfx9GfeIsr07vB55CuJD00-glDv8-w/sendMessage?chat_id=1890833638

Targets

- Target
  
  b44f95c332073b28fe95157f470f8f2a
- Size
  
  1.0MB
- MD5
  
  b44f95c332073b28fe95157f470f8f2a
- SHA1
  
  ab9265412559d4992d540aa11f05d73e4f544374
- SHA256
  
  fdb6b5f3b83553b83111bd61152a4c4bd29996d778d6c118f52f01abd9435fe5
- SHA512
  
  25bd35d5bd9d233d9f0bc21afa1af51c2326a252d3afe16f65a22f17ec85bd7a73529b24f4408d20aa0aec84dc79339574f4e57f1876f480bbb6b23cc5aa8f4d
- SSDEEP
  
  24576:TqLcMNjfhbU37ea2y1c+ExsjMW/GpsPzKnWjT9:QFhfhYa1yes4vqmnWv
Score

10^/10

a310logger blustealer collection spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- BluStealer
  A Modular information stealer written in Visual Basic.
  stealer blustealer
- A310logger Executable
- Executes dropped EXE
- Loads dropped DLL
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

a310loggerblustealercollectionspywarestealer

behavioral2

a310loggerblustealercollectionspywarestealer

© 2018-2024

Terms | Privacy