MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 844f97490d18394f1ded6f22c04c9cbdcc9a07ec9c82fadc96e9566c13d74e0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


a310Logger


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 844f97490d18394f1ded6f22c04c9cbdcc9a07ec9c82fadc96e9566c13d74e0d
SHA3-384 hash: e0db5b3adc1778fbcf7dbb583868a9b1d9464ee56355c0d17ce0544d31fb8bce83caca43a086904a76900f1068234b81
SHA1 hash: e6e7388b3fde68bac0c4a01cbb6c0d5cf04369bb
MD5 hash: 1edad3436ff643f397f12a6aa55fcd7a
humanhash: lamp-bacon-maryland-seven
File name:Revised Order.z
Download: download sample
Signature a310Logger
Create hunting rule
File size:527'238 bytes
First seen:2022-08-16 14:59:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:jkEY1mUTNcPd05MecYp3RLXPNkWXKavjmQHOl3iIJhQNX6aN0z05sK:jAEUD/c8RbCWXK0aiIJgXGzSsK
TLSH T1A9B423E2DADC7171BF039ABE8BD03129E4493D069C432EC7129DAFFA453643A6677442
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:a310logger z zip


Avatar
cocaman
Malicious email (T1566.001)
From: "SALES RUSHABH <info@asilgrouptr.com>" (likely spoofed)
Received: "from asilgrouptr.com (unknown [208.67.105.200]) "
Date: "12 Aug 2022 07:22:22 +0200"
Subject: "Re: Revised order #205745"
Attachment: "Revised Order.z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
253
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs838.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Siggen3.21102.29879.18923.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed unknown
Link:
https://www.filescan.io/uploads/62fbb0f77a5eee504811211b/reports/0c3dbb8a-f586-433e-923f-da77177d0899/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/844f97490d18394f1ded6f22c04c9cbdcc9a07ec9c82fadc96e9566c13d74e0d
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/844f97490d18394f1ded6f22c04c9cbdcc9a07ec9c82fadc96e9566c13d74e0d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-08-12 15:39:30 UTC
File Type:
Binary (Archive)
Extracted files:
84
AV detection:
24 of 40 (60.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qrhzosinda4u6hpnn4rmate4xxgjub7mtsbpvxew5flgye6xjygq._file
Result
Malware family:
stormkitty
Create hunting rule
Score:
  10/10
Tags:
family:blustealer family:stormkitty collection stealer
Link:
https://tria.ge/reports/220816-sdblmaadcq/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
BluStealer
StormKitty
StormKitty payload
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/844f97490d18394f1ded6f22c04c9cbdcc9a07ec9c82fadc96e9566c13d74e0d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

a310Logger

zip 844f97490d18394f1ded6f22c04c9cbdcc9a07ec9c82fadc96e9566c13d74e0d

(this sample)

a310Logger

Executable exe 6566cde4ba73cc0316c3de8c2c23c90aa6f76bd4d824d45b5b5c1d23d2655d16

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6566cde4ba73cc0316c3de8c2c23c90aa6f76bd4d824d45b5b5c1d23d2655d16
  
Dropping
a310Logger

Comments