MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


a310Logger


Vendor detections: 17


Intelligence 17 IOCs YARA 24 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee
SHA3-384 hash: 0dd1971aa355cecd0325a0a13ff27cb7ab7d76c7182c01ced3b125a4c4ed19320f07167ef182de73ff6343c962ecd5b3
SHA1 hash: c376d89b0ef2c17dd539f1d589843d38fd9b3f59
MD5 hash: 0c99f53d5ef0ebee71902ecec7df19ba
humanhash: princess-mountain-oven-rugby
File name:6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee
Download: download sample
Signature a310Logger
Create hunting rule
File size:1'394'688 bytes
First seen:2025-11-06 10:28:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:Wj7x8JkotF1kNn6FWglNNZUE2rIfIpCAKy6S4OrITZ9O31SI0qbFy:uakckEFWGHlAsAKy6SrrejO31SYF
TLSH T1475523C87615CA17C49247B80A31F37852789FA8E400D7A67FD87EABBDB9F2458045E3
TrID 69.7% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.0% (.EXE) Win64 Executable (generic) (10522/11/4)
6.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.2% (.EXE) Win32 Executable (generic) (4504/4/1)
1.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Magika pebin
Reporter adrian__luca
Tags:a310logger exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Purchase Order-Proposal _DATED 14.10.2025.scr
Verdict:
Malicious activity
Analysis date:
2025-10-14 04:50:41 UTC
Tags:
m0yv sinkhole darkcloud
Link:
https://app.any.run/tasks/b9778e50-5184-4e9e-be39-640ff8ace7b4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
DarkCloud
Create hunting rule
Link:
https://www.capesandbox.com/analysis/35736/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=690c788bea0f3e915c237f5c
Tags:
virus spawn shell
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
Creating a process with a hidden window
Launching a process
Creating a file
Сreating synchronization primitives
Creating a file in the %AppData% directory
Modifying a system executable file
Launching a service
Searching for synchronization primitives
Loading a system driver
Enabling autorun for a service
Query of malicious DNS domain
Adding an exclusion to Microsoft Defender
Unauthorized injection to a system process
Infecting executable files
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-13T22:44:00Z UTC
Last seen:
2025-11-06T22:11:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee/results?tab=lookup
Malware family:
Expiro
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/44bd527f-adda-43f0-86d5-a9d1700769a9
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.35 Win 32 Exe x86
Link:
https://app.malva.re/file/0c99f53d5ef0ebee71902ecec7df19ba
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee/
Threat name:
Win32.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2025-10-14 02:05:49 UTC
File Type:
PE (.Net Exe)
Extracted files:
17
AV detection:
29 of 37 (78.38%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=niwfl67ceijyq52ne7neko6y6uwvk4zo34ijtwvigf2u2nnjn3xa._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
darkcloudstealer
Create hunting rule
Similar samples:
error
a310Logger
Result
Malware family:
darkcloud
Create hunting rule
Score:
  10/10
Tags:
family:darkcloud discovery execution ransomware spyware stealer
Link:
https://tria.ge/reports/251106-mjemksvnfn/
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Drops file in System32 directory
Suspicious use of SetThreadContext
Enumerates connected drives
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
DarkCloud
Darkcloud family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0654c98d-fbb6-4b97-b2e9-13287b089e33
Unpacked files
SH256 hash:
6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee
MD5 hash:
0c99f53d5ef0ebee71902ecec7df19ba
SHA1 hash:
c376d89b0ef2c17dd539f1d589843d38fd9b3f59
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
4bf1109d02442e73198138d0f9d0fccd52caaccf5ee5bbc89c4c583b505e8dbf
MD5 hash:
3f459b435d74cbc77fcae6c1971e2f2e
SHA1 hash:
73b48dc81d87c7d29b9fc15a8c47e755e7dafdc4
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
cddc25d4086d3180d66f7ab3dca1829aba87e4a5c9a3a748a058fae38e9b929a
MD5 hash:
0caed8c2a5a594afc49edb74d241ec9f
SHA1 hash:
39560418e7764ee53f665e00ff75f24caecb2e0f
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
9865a0b00d3afa7b060eac6685ed36f1d2214cbf904ff451ec63b223bf6b1410
MD5 hash:
d0edea8daf8db93725c715e1b42ad082
SHA1 hash:
fecfc468a311b79253b35e1d7316b9d8a6e0f205
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
c67c6ecc2dbf33b329d519c4cffdff0a44d93fbc08dab63df9d9823f8f99f517
MD5 hash:
f9252d886199a1596a181558085b1d77
SHA1 hash:
f38da9691b23632cf5136959edcbcd77cd6d1398
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
541aa6e4eaad89bba16b4b08ca94ad39d0141223ada68ccd9b068513d6c16caa
MD5 hash:
2e50e5d4d8e30447ed80c8e3198eb49c
SHA1 hash:
20beca30bd325d54c4bae962e57309359ef1fced
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
2eb0d76827f622d2280eb186bc19b2f46e2ac88292bc8e142dca9aa2ccad205f
MD5 hash:
7bfa9a684117e7fcbdb2d6ff97b1a1d0
SHA1 hash:
6e8ca84992cb3a71bf4038c012d1916425c6ae26
Detections:
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
MALWARE_Win_A310Logger
Create hunting rule
MALWARE_Win_DarkCloud
Create hunting rule
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
Parent samples :
1cd07076c21df938ca1bd5c2246808a2e9000817544bec342473c8fab53525c6
7788888fd7848d1a7242ffe9ee59c95147d1427e69c099e08cffae2fa1c8835a
d5ffca1430a7af94f3bbc02893f7494b0a2b3d3cdb90c013f1946f14a26556d7
93b9a10bd711714af0a4ae073340f33dd22235b6169bbc82672dd0eeca46070d
c1817acba85fd9712b55cee789940b06e3911a589350f8021a35ab50903b0092
b7e4109f5c69a0a60796626e91ce4dae79038d3e193eed55f2da46f5217f1318
d941bd32f32b2bf5991935df25840f6e3208be2dd4b99828a3eca260a2760563
6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee
SH256 hash:
b6781edd819929c2fe8b41985314c4eaed3c35ce05a61cdf911da3f09de53074
MD5 hash:
69fe9dc75c1792830f0a6d2525d05b22
SHA1 hash:
ae712836721804406194a813b91c7dd9f122d28c
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
d77cc8e2e089b0a7484fbaa67336ea1dc30915dc60bca9f4f4a5c6fda9c0d04a
MD5 hash:
85cd0e12894bf250fe03b3c2710305dd
SHA1 hash:
ba4d5f95526518d18c0523075905c23d7eeabacc
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
SH256 hash:
abdd6f31a909b0b10e30ced74a1f6f037adf1f61a8a842048dbc254d6f076169
MD5 hash:
c33a7f0e25bb3f4d3c19fc8441e9d12b
SHA1 hash:
0286b277e97b9f7c217a0d029e8144f8e20b40b9
Link:
https://www.unpac.me/results/0ae80afb-1c43-4f60-9849-3a75e5149d5a/
Malware family:
DarkCloud
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6a2c55fbe222/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6a2c55fbe2221388774d27da453bd8f52d55732edf1099daa831754d35a96eee

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Author:ditekSHen
Description:Detects executables using Telegram Chat Bot
Rule name:malware_shellcode_hash
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:detect shellcode api hash value
Rule name:MALWARE_Win_A310Logger
Create hunting rule
Author:ditekSHen
Description:Detects A310Logger
Rule name:MALWARE_Win_DarkCloud
Create hunting rule
Author:ditekSHen
Description:Detects DarkCloud infostealer
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:ProtectSharewareV11eCompservCMS
Create hunting rule
Author:malware-lu
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vba
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:telegram_bot_api
Create hunting rule
Author:rectifyq
Description:Detects file containing Telegram Bot API
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques
Rule name:Windows_Generic_Threat_ebf62328
Create hunting rule
Author:Elastic Security
Rule name:Windows_Trojan_DarkCloud_9905abce
Create hunting rule
Author:Elastic Security
Rule name:win_m0yv_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.m0yv.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/35736/

Comments