MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1104b201580461c0319cf6fb65b219a56093ff425a8788758be9949242cea2e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

a310Logger

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	1104b201580461c0319cf6fb65b219a56093ff425a8788758be9949242cea2e4
SHA3-384 hash:	4bffb106f741e9b72ef9ffc8ceba4a999a028359fd86dd3390629652fe477f5ce4ab2afc0894fb8e692d17bd9b6fff97
SHA1 hash:	000758cd5397685aac17d568e95870e1bf043675
MD5 hash:	ad9354f45377d8cedc5ab0cc1e239390
humanhash:	hawaii-snake-jupiter-pennsylvania
File name:	ad9354f45377d8cedc5ab0cc1e239390.exe
Download:	download sample
Signature	a310Logger Create hunting rule
File size:	377'344 bytes
First seen:	2021-08-26 12:39:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ef471c0edf1877cd5a881a6a8bf647b9 (71 x Formbook, 33 x Loki, 29 x Loda)
ssdeep	6144:44XrK9PX7Fp6Gh2wWRGl0EDDf1PisZQ5rAGQwg1QtP1f4paaYlsdcaMJEdbI0Pz6:nXe9PPlowWX0t6mOQwg1Qd15CcYk0Weq
Threatray	1'087 similar samples on MalwareBazaar
TLSH	T16C84124548C4CCE6E71AB371D0B3CF5819A57832CCD56B689758EA2EB870343B853A6F
dhash icon	aae2f3e38383b629 (2'034 x Formbook, 1'183 x CredentialFlusher, 666 x AgentTesla)
Reporter	abuse_ch
Tags:	a310logger exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

150

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

1598347620bbb0bdc4ef6241fb3f094deb1779f2.docx

Verdict:

Malicious activity

Analysis date:

2021-08-26 12:37:41 UTC

Tags:

generated-doc opendir exploit CVE-2017-11882 loader

Link:

https://app.any.run/tasks/d71fe3fa-d0ee-4f81-93cb-a17e5ad7a8e4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/182637/

Detection(s):

PUA.Win.Packer.Upolyx-12

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

DNS request

Connection attempt

Sending a custom TCP request

Sending an HTTP GET request

Sending a UDP request

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4ada52d1-3ad4-4d12-9a37-707286e83b1b

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/839898

Signature

AutoIt script contains suspicious strings

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1104b201580461c0319cf6fb65b219a56093ff425a8788758be9949242cea2e4/

Threat name:

Win32.Trojan.Nymeria

Status:

Malicious

First seen:

2021-08-26 09:24:03 UTC

AV detection:

12 of 25 (48.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cecleakyarq4amm4635wlmqzuvqjh72clkdyq5ml5gkjeqwoulsa._file

Verdict:

malicious

Similar samples:

0f3dd18c562054da9edf8c427370c1455f5882d455ca21e8f2ed2cff9d70472c

17d901ea338cf7b487226ebd86f963023ce246d9f3aaa973f6d15c44cb01907d

1c4cf94d38837e40ac5654711ef04cf7f2e07a66c065c46955d92d0d95089d90

2c9f9b7441e5626155e10dfdd98926a04653454723069560bebe6d07a7d1d405

378a43b4576b7d9a7bf424295f83cee901ad8347351285a3dc0708d78312a4cc

71335267a0a48bbcf678e354b421445d3db926ec5dd9b40c2a004cebb9b166f0

89887d6a5f728886bc9f6012606918246c91ecafe903777f4fcda168217e9a5e

a7a1a43d30f2cb7ee32934670de804b7a2c2961e2ef950339438eab91b1e438b

f3037e5e047b6bfbfb11c453d1d836217e8c7ec606eacce69dfe31bf8b260821

ff3168baecb6c9afcaeaf4d557d814522a197183c8930da3832465f2f5b3963b

+ 1'077 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

upx

Link:

https://tria.ge/reports/210826-wxq79t13fx/

Behaviour

Modifies system certificate store

Enumerates physical storage devices

Unpacked files

SH256 hash:

31da29f80e2342d8e74d3b56e37063629d1f48068814c2e8ae9005690b8b917c

MD5 hash:

d7ae0fb43bdb2ba4bbcee503e0a81e3f

SHA1 hash:

774cc88546caedf83973f22ed5cc2642c6b750da

Link:

https://www.unpac.me/results/734f9c78-507c-42be-80f2-125e35ba09b9/

SH256 hash:

1104b201580461c0319cf6fb65b219a56093ff425a8788758be9949242cea2e4

MD5 hash:

ad9354f45377d8cedc5ab0cc1e239390

SHA1 hash:

000758cd5397685aac17d568e95870e1bf043675

Link:

https://www.unpac.me/results/734f9c78-507c-42be-80f2-125e35ba09b9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.85

Link:

https://yomi.yoroi.company/submissions/1104b201580461c0319cf6fb65b219a56093ff425a8788758be9949242cea2e4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/182637/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample