MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6fee9f1310773dcc20eb44579b51e364adb37d89ef15e0b1bcb115e2ed4bed78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

a310Logger

Vendor detections: 9

Intelligence 9 IOCs YARA 3 File information Comments

SHA256 hash:	6fee9f1310773dcc20eb44579b51e364adb37d89ef15e0b1bcb115e2ed4bed78
SHA3-384 hash:	ce905fd299d4a4f85240eeb9acbe1fd13d8d5903e4b0304670dbab3710c09f7c8a21e997bce6c98a4845ace351e1d3ac
SHA1 hash:	65f29c0e198df9fb61c059041080f7117599ddda
MD5 hash:	92f354c4c58162c6eecb418ef502b88b
humanhash:	nine-muppet-failed-sixteen
File name:	file
Download:	download sample
Signature	a310Logger Create hunting rule
File size:	462'848 bytes
First seen:	2022-10-27 22:23:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	984a9c61556602ba9aa264591611833f (1 x a310Logger)
ssdeep	12288:/5PcvVUqeNw0f4CZEhSzjf2GkfjYKkJj6GmZU:dcdleN3lgGk7Yb6nZ
Threatray	51 similar samples on MalwareBazaar
TLSH	T125A44A2AE651722AF193C9B1BAA4935B6825BE371140AC1BF7C16B4732711D3A4F133F
TrID	51.9% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8) 17.1% (.EXE) UPX compressed Win32 Executable (27066/9/6) 16.8% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4) 4.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 3.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter	jstrosch
Tags:	a310logger exe

Intelligence

File Origin

# of uploads :

# of downloads :

283

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2022-10-28 01:11:11 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/04e1a143-7cfc-48d0-b562-534ef803c540

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

A310Logger

Link:

https://www.capesandbox.com/analysis/325234/

Detection(s):

PUA.Win.Packer.ProtectSharewar-2

PUA.Win.Packer.ProtectSharewar-3

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Creating a file in the system32 subdirectories

Creating a file

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/27d2f10a-a560-411b-8ed2-08cc0d05d596

Result

Threat name:

BluStealer, DarkCloud

Detection:

malicious

Classification:

rans.troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1099873

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6fee9f1310773dcc20eb44579b51e364adb37d89ef15e0b1bcb115e2ed4bed78/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2022-09-29 03:22:39 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 26 (92.31%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=n7xj6eyqo464yihlirlzwupdmsw3g7mj54k6bmn4wek6f3kl5v4a._file

Verdict:

malicious

a310Logger

45969e23492b09bf7e761590493dc169570c2c4d66b20a523e20ea923d2b6070

a310Logger

709d1d9f1e0485cca2cdad3fe16fa9992a2dd07b2310a98dc65066530d4033fe

a310Logger

796b93e1306888ffa8b48c29ff68dee8f6bb7d1fb0b96beb0ba3fd3b3d0f801d

a310Logger

9019f864f67c5bc5b4ddf02e65d4aebf7a959b629cc81810e673d45358869fce

a310Logger

961b20b6682e39499633988483364d3bf730e76e51ee8d15da9dcf46da2a89e7

a310Logger

b6d935515f1a5952779211a0765660be792f55b359cbd1c73fbc5441f391e8e4

a310Logger

d476dd03b89f907816cb87f2182926791494de65269e1b82356c61a7350e1fad

a310Logger

fae591d3e1cea136791a06b8c59265af25eccf0d30b8500c9e8c664708e1937a

a310Logger

+ 41 additional samples on MalwareBazaar

Result

Malware family:

darkcloud

Score:

10/10

Tags:

family:darkcloud

Link:

https://tria.ge/reports/221027-2bc64sdgb6/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

6fee9f1310773dcc20eb44579b51e364adb37d89ef15e0b1bcb115e2ed4bed78

MD5 hash:

92f354c4c58162c6eecb418ef502b88b

SHA1 hash:

65f29c0e198df9fb61c059041080f7117599ddda

Link:

https://www.unpac.me/results/2dad2116-bdaf-411f-9b3d-02dded3c29b9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/6fee9f1310773dcc20eb44579b51e364adb37d89ef15e0b1bcb115e2ed4bed78

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore Create hunting rule
Author:	ditekSHen
Description:	Detects executables containing SQL queries to confidential data stores. Observed in infostealers

Rule name:	MALWARE_Win_A310Logger Create hunting rule
Author:	ditekSHen
Description:	Detects A310Logger

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

a310Logger

exe 6fee9f1310773dcc20eb44579b51e364adb37d89ef15e0b1bcb115e2ed4bed78

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/325234/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample