MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

a310Logger

Vendor detections: 14

Intelligence 14 IOCs YARA 3 File information Comments

SHA256 hash:	2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2
SHA3-384 hash:	db85d56d89944e3ed3311c9cec6d206ff7bfba5ab7d6c1ac12ce86d3df73ff2c8fb8aaab37b72009511b59e67f51fe27
SHA1 hash:	034c63f7bc59df7862f138a3841b25df903cd086
MD5 hash:	f6624678093d98965d849a69795e93b3
humanhash:	illinois-pip-march-lactose
File name:	2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2
Download:	download sample
Signature	a310Logger Create hunting rule
File size:	955'392 bytes
First seen:	2025-11-06 11:23:16 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep	12288:eQNsb9Xl748wkJrgSmm/QnnRZB6NPk0yDiw6AA2ooDa54Be3JQFlIs7XtFRMrBjS:eQNmlE8r8lRZB6NPkmoDiRkcrBjPgG
Threatray	2'657 similar samples on MalwareBazaar
TLSH	T1191512552B29D61AC9B233B1AEB1F17107B92C6AE431D20E6ED9BEDF7531F009A00743
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10522/11/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	adrian__luca
Tags:	a310logger exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2

Verdict:

No threats detected

Analysis date:

2025-11-06 20:53:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/efbc8a89-e7fc-4b12-895c-cbe96bc5b759

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

DarkCloud

Link:

https://www.capesandbox.com/analysis/36158/

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=690c8557ea0f3e915c238e9f

Tags:

virus msil

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Restart of the analyzed sample

Creating a file

Сreating synchronization primitives

Gathering data

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-10-27T05:36:00Z UTC

Last seen:

2025-11-07T23:29:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2/results?tab=lookup

Malware family:

DarkCloud

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b3573915-b9b4-438b-83db-f4e07b23261a

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.40 Win 32 Exe x86

Link:

https://app.malva.re/file/f6624678093d98965d849a69795e93b3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2/

Threat name:

Win32.Backdoor.FormBook

Status:

Malicious

First seen:

2025-10-27 09:02:31 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=fwoalcx2lbhlavme7nnbaew4ae5h5pjnsmy5gju2wei6itqkftba._file

Verdict:

malicious

Label(s):

xworm

unc_loader_037

darkcloudstealer

a310Logger

0de1bc51417ff52dbd8dea0137ce230d6ee9f0ecf5c8b8391288ac4be7f40337

a310Logger

2c3a611bea6cc4b910ba984a106510c25cfd40435ebdc45df46611603e0c1118

a310Logger

34159f583493176fa487b30736078ffbf9394ecc7b3af5386e146d0144c26117

a310Logger

39d894a43445e9c565e929ff4a83703c0db8e4b130aa0c40feb4fc1d836a4dc7

a310Logger

bfb08f6e69c9a8702f612f5c0e90599ef48c9d7270cc5a88611ff7555be2d0e1

a310Logger

+ 2'647 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/251106-nhbd7swmcq/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/3d409bc0-0ae4-4f58-a0b5-ddd314c76a3f

Unpacked files

SH256 hash:

2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2

MD5 hash:

f6624678093d98965d849a69795e93b3

SHA1 hash:

034c63f7bc59df7862f138a3841b25df903cd086

Link:

https://www.unpac.me/results/0ab8eba3-6867-40c4-81e7-b5f9d0a8c34c/

SH256 hash:

e5729805917100f4bef523f2df9e4bd38632f1c7be791672b7040ac0a7d2d698

MD5 hash:

bc8a90a3d22caf25da597e43929ef11e

SHA1 hash:

03875c1cbb7d2bb64d90bacd6db68d6919d92359

Detections:

darkcloudstealer

INDICATOR_SUSPICIOUS_Binary_References_Browsers

INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

INDICATOR_SUSPICIOUS_EXE_TelegramChatBot

MALWARE_Win_A310Logger

MALWARE_Win_DarkCloud

Link:

https://www.unpac.me/results/0ab8eba3-6867-40c4-81e7-b5f9d0a8c34c/

Parent samples :

7df6b618671a3611467c87986631bfeebf6508d857f51046053f5a502e4e0684
34159f583493176fa487b30736078ffbf9394ecc7b3af5386e146d0144c26117
51f74d384687c3dd221d33c81a380a3a06637cbe394e94158e1e66fc842e6e36
2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2
a008bbcb7eed325eb375f6e8f3e74c72048e4d159f3b996490f73ad99b76b33e

SH256 hash:

de4417be92ed77a391491541f28ba6d9c9b25f80b0d5ddee0981daacf155b272

MD5 hash:

97eebe4da9734d560550793c178f26d0

SHA1 hash:

9398dd0644f9671c71e815deeef094db45fceb36

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/0ab8eba3-6867-40c4-81e7-b5f9d0a8c34c/

SH256 hash:

230a4b334eede78b31b68b845425fa9dc49742fcfc967e6fed4803135a167738

MD5 hash:

fb153dbeb6aa3d6b2cb9da7954967067

SHA1 hash:

9bf4b1fe201980548f33f1f690b54926d0d05d0a

Link:

https://www.unpac.me/results/0ab8eba3-6867-40c4-81e7-b5f9d0a8c34c/

SH256 hash:

3b75425895af4ae3186b36277553641e37ca1d620ae18d68e40d13351b54de6a

MD5 hash:

94d1531b52774dce52a89e33646d5b1d

SHA1 hash:

29bf887b025b97bd7a9e1e261852ba824234a625

Link:

https://www.unpac.me/results/0ab8eba3-6867-40c4-81e7-b5f9d0a8c34c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.85

Link:

https://yomi.yoroi.company/submissions/2d9c058afa584eb05584fb5a1012dc013a7ebd2d9331d3269ab111e44e0a2cc2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/36158/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample