Overview

overview

10

Static

static

3

b44f95c332...18.exe

windows7-x64

10

b44f95c332...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b44f95c332073b28fe95157f470f8f2a_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241130-bq8nfszpbr

  • MD5

    b44f95c332073b28fe95157f470f8f2a

  • SHA1

    ab9265412559d4992d540aa11f05d73e4f544374

  • SHA256

    fdb6b5f3b83553b83111bd61152a4c4bd29996d778d6c118f52f01abd9435fe5

  • SHA512

    25bd35d5bd9d233d9f0bc21afa1af51c2326a252d3afe16f65a22f17ec85bd7a73529b24f4408d20aa0aec84dc79339574f4e57f1876f480bbb6b23cc5aa8f4d

  • SSDEEP

    24576:TqLcMNjfhbU37ea2y1c+ExsjMW/GpsPzKnWjT9:QFhfhYa1yes4vqmnWv

Score
10/10
a310loggerblustealercollectiondiscoveryspywarestealer

Malware Config

Extracted

Family

blustealer

C2

https://api.telegram.org/bot1945669405:AAEo5Zfx9GfeIsr07vB55CuJD00-glDv8-w/sendMessage?chat_id=1890833638

Targets

    • Target

      b44f95c332073b28fe95157f470f8f2a_JaffaCakes118

    • Size

      1.0MB

    • MD5

      b44f95c332073b28fe95157f470f8f2a

    • SHA1

      ab9265412559d4992d540aa11f05d73e4f544374

    • SHA256

      fdb6b5f3b83553b83111bd61152a4c4bd29996d778d6c118f52f01abd9435fe5

    • SHA512

      25bd35d5bd9d233d9f0bc21afa1af51c2326a252d3afe16f65a22f17ec85bd7a73529b24f4408d20aa0aec84dc79339574f4e57f1876f480bbb6b23cc5aa8f4d

    • SSDEEP

      24576:TqLcMNjfhbU37ea2y1c+ExsjMW/GpsPzKnWjT9:QFhfhYa1yes4vqmnWv

    Score
    10/10
    a310loggerblustealercollectiondiscoveryspywarestealer

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

      stealerspywarea310logger

    • A310logger family

      a310logger

    • BluStealer

      A Modular information stealer written in Visual Basic.

      stealerblustealer

    • Blustealer family

      blustealer

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks