MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

a310Logger

Vendor detections: 16

Intelligence 16 IOCs YARA 4 File information Comments

SHA256 hash:	08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25
SHA3-384 hash:	9712c7d5ad38041f52bbabddb954bb4620d4cf88d0d662fb97d1a4d8d838055255b7e72a90df74b5ff65a26e2d8588cf
SHA1 hash:	a20b51aec7e7379c900444d59d0808bf92a2fcb7
MD5 hash:	d2bc8295248652cf31b0940bf87fefe2
humanhash:	charlie-black-colorado-ack
File name:	08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25
Download:	download sample
Signature	a310Logger Create hunting rule
File size:	765'952 bytes
First seen:	2025-11-06 10:44:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep	12288:D+STkBLQSauZ/Cx+R8SfEWky0xmv8ud29wLBKC/i8YxQ0utuuzc30OTMfw:abBM1dSfEWkN4kud4wdKDi07Af
TLSH	T128F4124867A9D501C5E227B426B1E274073E6DEAFA21E30A5FDD2CEB7877B008C54793
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10522/11/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	adrian__luca
Tags:	a310logger exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25

Verdict:

Malicious activity

Analysis date:

2025-11-06 14:41:18 UTC

Tags:

smtp darkcloud

Link:

https://app.any.run/tasks/c4e53dbe-a4bb-4cb1-8738-a8f7465715bd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

DarkCloud

Link:

https://www.capesandbox.com/analysis/35865/

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=690c7c2dea0f3e915c2383b3

Tags:

shell virus micro

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Сreating synchronization primitives

Creating a process with a hidden window

Unauthorized injection to a recently created process

Restart of the analyzed sample

Creating a file

Creating a file in the %AppData% subdirectories

Reading critical registry keys

Stealing user critical data

Adding an exclusion to Microsoft Defender

Gathering data

Verdict:

Malicious

Labled as:

Genie.8DN.Generic

Link:

https://www.hybrid-analysis.com/sample/08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-10-16T02:42:00Z UTC

Last seen:

2025-11-06T09:49:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25/results?tab=lookup

Malware family:

DarkCloud

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/de31c280-e1c0-4a5e-b8cd-73ae5a3c987d

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.37 Win 32 Exe x86

Link:

https://app.malva.re/file/d2bc8295248652cf31b0940bf87fefe2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25/

Threat name:

Win32.Backdoor.FormBook

Status:

Malicious

First seen:

2025-10-16 05:33:52 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 36 (72.22%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=bajwyrzrzqt47hg7fecdor7d5mc3golgzatl5e2ynntbzgxidysq._file

Verdict:

malicious

Label(s):

unc_loader_037

darkcloudstealer

Result

Malware family:

darkcloud

Score:

10/10

Tags:

family:darkcloud discovery execution spyware stealer

Link:

https://tria.ge/reports/251106-ms4ytsaj6w/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Checks computer location settings

Reads WinSCP keys stored on the system

Reads user/profile data of web browsers

Command and Scripting Interpreter: PowerShell

DarkCloud

Darkcloud family

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/2b85d6ff-ae75-4b7a-b9ad-79883e85c217

Unpacked files

SH256 hash:

08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25

MD5 hash:

d2bc8295248652cf31b0940bf87fefe2

SHA1 hash:

a20b51aec7e7379c900444d59d0808bf92a2fcb7

Link:

https://www.unpac.me/results/8afc06f6-ec72-4d71-9e9a-b629d28aab9d/

SH256 hash:

833d76022cc3c0a069f93dc8922e32937e795eced99c1b0546ce1182325bab77

MD5 hash:

17cd7ca5637726481b2ac1441edd7210

SHA1 hash:

2610c99bf0c8aa5eacbdb1dd5115044934824969

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/8afc06f6-ec72-4d71-9e9a-b629d28aab9d/

SH256 hash:

7c94952ca3b960704af781a31e5a625a2d88630a7842c16ea8d747727a1232a6

MD5 hash:

ae767453c91432e9666f70c96ec523de

SHA1 hash:

5ee3fa7bb7ed30e99980717d136626ade555ff12

Detections:

darkcloudstealer

INDICATOR_SUSPICIOUS_Binary_References_Browsers

INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

INDICATOR_SUSPICIOUS_EXE_TelegramChatBot

INDICATOR_SUSPICIOUS_EXE_CC_Regex

MALWARE_Win_A310Logger

MALWARE_Win_DarkCloud

Link:

https://www.unpac.me/results/8afc06f6-ec72-4d71-9e9a-b629d28aab9d/

Parent samples :

aa7f31356193b7ed4e58e0ccc15635e3df06eaba6a81c0ff23bd68f17db18b87
08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25

SH256 hash:

b6781edd819929c2fe8b41985314c4eaed3c35ce05a61cdf911da3f09de53074

MD5 hash:

69fe9dc75c1792830f0a6d2525d05b22

SHA1 hash:

ae712836721804406194a813b91c7dd9f122d28c

Link:

https://www.unpac.me/results/8afc06f6-ec72-4d71-9e9a-b629d28aab9d/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/08136c4731cc27cf9cdf29043747e3eb05b33966c826be93586b661c9ae81e25

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/35865/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample