General
-
Target
a9ad148eb1e943000ff55d94820da73c_JaffaCakes118
-
Size
762KB
-
Sample
240403-3kl12sgc5y
-
MD5
a9ad148eb1e943000ff55d94820da73c
-
SHA1
4131afbaa43d4c405e5e5c046065d12456cf8d22
-
SHA256
980ff35a7cf5a6557b96df3d9956a133163d91d1691ccf7c1b752bdc0aa4ff2b
-
SHA512
5c88f18eee0ec5e04b9f582f327f1fa125657c4ca9c6b1160ca6dcb900662f7e52529475a6867dbfecca04b69d816dd52ba99bb479fd2e6e4f7165f7af460a22
-
SSDEEP
12288:DPLhvHUfG027ace+kc49t1DmOz03ofuJaeWGnNaHUvJyaxMRdt0:bVPUl0UTKn3ofQLWGNaHURd+
Malware Config
Extracted
blustealer
Protocol: smtp- Host:
mail.enche.com - Port:
587 - Username:
[email protected] - Password:
Merchandise08012021
Targets
-
-
Target
a9ad148eb1e943000ff55d94820da73c_JaffaCakes118
-
Size
762KB
-
MD5
a9ad148eb1e943000ff55d94820da73c
-
SHA1
4131afbaa43d4c405e5e5c046065d12456cf8d22
-
SHA256
980ff35a7cf5a6557b96df3d9956a133163d91d1691ccf7c1b752bdc0aa4ff2b
-
SHA512
5c88f18eee0ec5e04b9f582f327f1fa125657c4ca9c6b1160ca6dcb900662f7e52529475a6867dbfecca04b69d816dd52ba99bb479fd2e6e4f7165f7af460a22
-
SSDEEP
12288:DPLhvHUfG027ace+kc49t1DmOz03ofuJaeWGnNaHUvJyaxMRdt0:bVPUl0UTKn3ofQLWGNaHURd+
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
BluStealer
A Modular information stealer written in Visual Basic.
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-