MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e569d4ee2747b8f75d51d5610288ab639e8841905a6e8ca00955f7e42f31e27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

a310Logger

Vendor detections: 9

SHA256 hash: 1e569d4ee2747b8f75d51d5610288ab639e8841905a6e8ca00955f7e42f31e27
SHA3-384 hash: 2538dfc6ad1f4a1edef61cfb5681114db53b129b2f5840cf5704ddf9e36d4b47b7a2821c02b116296148e3dbaa8620d5
SHA1 hash: 9725c7f2773f1035740c1f07dbd5971cc4b36d9f
MD5 hash: 1a532e7318cce1a41840d183e01d71f7
humanhash: wolfram-violet-sodium-eighteen
File name: HSBC Priority Payment Advice HSBC10570950722.exe
Signature: a310Logger
File size: 1'125'888 bytes
First seen: 2022-02-17 06:45:33 UTC
Last seen: 2022-02-17 08:28:34 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep: 24576:jbrlItyqLQqmtbeXHGCDus5N0XCeF2DuzKq/GgjiX4Nj0HC:jXlInQqAkxu7E4pOgjiOj0HC
Threatray: 984 similar samples on MalwareBazaar
TLSH: T19635D06631EF1456C3A2EBF10BD8ECBF8A6EF173120F753931C21A568766A40DA42375
Reporter: abuse_ch
Tags: a310logger exe HSBC

Intelligence


File Origin
# of uploads: 2
# of downloads: 219
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
Searching for the window
Creating a window
Unauthorized injection to a recently created process
Creating a file
Creating synchronization primitives
Launching a process
Reading critical registry keys
Creating a file in the %AppData% subdirectories
Stealing user critical data
Unauthorized injection to a system process
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: fareit greyware obfuscated packed remote.exe replace.exe
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature:
.NET source code contains potential unpacker
.NET source code contains very large strings
Allocates memory in foreign processes
Contains functionality to inject code into remote processes
Found malware configuration
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected AntiVM3
Yara detected SpyEx stealer
Yara detected Telegram RAT
Result
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-02-17 06:46:19 UTC
File Type: PE (.Net Exe)
Extracted files: 48
AV detection: 20 of 28 (71.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: collection
Behaviour:
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Drops file in Windows directory
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Unpacked files

SHA256 hash: fc9bb9746aaa4e07944b2c1338d26ac852531a6e6c97e98f6a56202d27ff607c
MD5 hash: d2ec533f8b40a8224d79c87c2291f943
SHA1 hash: f305fa4c5c8525e853fbdbcf5c8cedad9ba08fd2

SHA256 hash: c8858fa867fda167aedad8e34f1fc349fec04c63a73eac5cce593109318e4bd0
MD5 hash: 92ac8012b26fe7377f5de2cbea370d52
SHA1 hash: dbfdb71c165bd0ec86b375979255678eed0a8f32

SHA256 hash: 3fed601f51e92a8b4770defaa9635688436f42daf1e9f7087590f501e2fe4a80
MD5 hash: 26b838c78c8f4b522f023fffa448a062
SHA1 hash: c8b4ba3873189d0d3f567f1c80ad511bdc08a418

SHA256 hash: c06b2420798c55a47d66d98a1b6f6bfe3bae9fa6a968b0b030384336e67e8750
MD5 hash: 4a445c7d289f906f9c20e58c94980f75
SHA1 hash: bb08817dceafea02a9a7f12f96a35b8ae56ac886

SHA256 hash: 8394f99099988072754b0cf390154ec5f5ae9c96a1d09513dd4d35e41bdd71b9
MD5 hash: 1fd3b76159d00b3cb58fc55fa78f133c
SHA1 hash: 76d0dbd43cd0591f7d3426cce6319469decafd34

SHA256 hash: cbc45df3d416a228bb83219425ee4b094c9c1facc764fc8edc6e33fe1a55f543
MD5 hash: 1bbc1016ba1eec34f3e29da8b5da71c5
SHA1 hash: 07890cd854ff443f59e710ee46f1a764f3c581d4

SHA256 hash: 1e569d4ee2747b8f75d51d5610288ab639e8841905a6e8ca00955f7e42f31e27
MD5 hash: 1a532e7318cce1a41840d183e01d71f7
SHA1 hash: 9725c7f2773f1035740c1f07dbd5971cc4b36d9f
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: BitcoinAddress
Author: Didier Stevens (@DidierStevens)
Description: Contains a valid Bitcoin address

Rule name: INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Author: ditekSHen
Description: Detects executables using Telegram Chat Bot

Rule name: MALWARE_Win_A310Logger
Author: ditekSHen
Description: Detects A310Logger

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

Rule name: Telegram_Exfiltration_Via_Api
Author: lsepaolo

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments