MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


a310Logger


Vendor detections: 19


Intelligence 19 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c
SHA3-384 hash: 18d3cdf4f38b9c1da9e32b968e71cd5f9e98669fa3d02a582f503ab0307ab7fd88fabc982fcce9717bc8bdbb11d1732f
SHA1 hash: 8441927a76418998fd6d0d56bcc3097029c09d99
MD5 hash: 0781bcd407b61b3ab68fbd74022e446b
humanhash: harry-hawaii-double-early
File name:SecuriteInfo.com.Trojan.Siggen31.58950.24932.31504
Download: download sample
Signature a310Logger
Create hunting rule
File size:835'080 bytes
First seen:2025-09-30 16:19:22 UTC
Last seen:2025-09-30 17:18:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'636 x Formbook, 12'244 x SnakeKeylogger)
ssdeep 12288:ZCcFYtFO6YfzWnlq6tn0Xc/P30GgD+As/sP6F2PgLY/uwsOAxfBEfLCzjIzvE6Uy:jYtFDuWnH3/ADTs/ibsYbcEfLGMvfT
Threatray 987 similar samples on MalwareBazaar
TLSH T15F05124523BEFB07E0A25BF405B0D33297719D89B922D3164DF6ACEFBC657802A41687
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter SecuriteInfoCom
Tags:a310logger exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Siggen31.58950.24932.31504
Verdict:
Malicious activity
Analysis date:
2025-09-30 19:33:54 UTC
Tags:
darkcloud auto-sch-xml
Link:
https://app.any.run/tasks/81bab474-c1d2-46e3-a271-9698d2841c41

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
A310Logger
Create hunting rule
Link:
https://www.capesandbox.com/analysis/29602/
Detection(s):
SecuriteInfo.com.Trojan.Siggen31.58950.24932.31504.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68dc035e7d643f33eab8d2a9
Tags:
injection spawn shell
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% directory
Enabling the 'hidden' option for recently created files
Adding an access-denied ACE
Creating a process with a hidden window
Creating a file in the %temp% directory
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Creating a file in the %AppData% subdirectories
Reading critical registry keys
DNS request
Connection attempt
Creating a window
Сreating synchronization primitives
Forced shutdown of a system process
Stealing user critical data
Adding an exclusion to Microsoft Defender
Enabling autorun by creating a file
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
invalid-signature obfuscated packed packed packer_detected signed vbnet
Link:
https://www.filescan.io/uploads/68dc06cac564c8e81d0b0567/reports/9637a20e-05f3-4b87-b24f-0461d2a3b3d4/overview
Verdict:
Malicious
Labled as:
Genie.8DN.Generic
Link:
https://www.hybrid-analysis.com/sample/a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-30T05:50:00Z UTC
Last seen:
2025-09-30T05:50:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c/results?tab=lookup
Malware family:
DarkCloud
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/83ba15b6-8f29-4dd3-8eb4-991845a6b662
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c/
Verdict:
Malicious
Threat:
Family.DARKCLOUD
Link:
https://tip.neiki.dev/file/a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c
Threat name:
ByteCode-MSIL.Trojan.PureLogStealer
Create hunting rule
Status:
Malicious
First seen:
2025-09-30 06:47:59 UTC
File Type:
PE (.Net Exe)
Extracted files:
9
AV detection:
30 of 38 (78.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ug5ynhd3yhestnm73bksl3ol74a4flrxar7xs3opckfksiueiiwa._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
darkcloudstealer
Create hunting rule
Similar samples:
0e950d396f054459d624c7734c02e9357f2a0fa21bad98edc52d46169b3487eb
a310Logger
b5def5a71c2c8f07fa30379346fdd97c89bc77f8fbd5200bc41a3bb13ce4ee4c
a310Logger
error
a310Logger
fc4fbf964b1ea4b01201f4f9fa13345ee834464272d6cdc9814de53e1c4d9e6b
a310Logger
+ 977 additional samples on MalwareBazaar
Result
Malware family:
darkcloud
Create hunting rule
Score:
  10/10
Tags:
family:darkcloud discovery execution persistence stealer
Link:
https://tria.ge/reports/250930-t29c8szzcx/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Checks computer location settings
Command and Scripting Interpreter: PowerShell
DarkCloud
Darkcloud family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/2ab4b28f-03c3-4071-bb8e-c0e8c85e6768
Unpacked files
SH256 hash:
a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c
MD5 hash:
0781bcd407b61b3ab68fbd74022e446b
SHA1 hash:
8441927a76418998fd6d0d56bcc3097029c09d99
Link:
https://www.unpac.me/results/f5dddcbe-90d6-4aa0-8df5-b20ef62d112e/
SH256 hash:
3a8235adcf5c014204b3c7f9bc74cdc5628617fbca4edfd0a89e61bd368598d3
MD5 hash:
805ed8b902bad1be7788a1f25a33f7c1
SHA1 hash:
d7c02f99910d58990504e561694d74e90fd872c5
Link:
https://www.unpac.me/results/f5dddcbe-90d6-4aa0-8df5-b20ef62d112e/
SH256 hash:
e240a486b2751c95987775fa5de24844159904dc727b9a06bb725409a54af8c1
MD5 hash:
d2618025736d620e365ae467bc38cf03
SHA1 hash:
e933545f161f612207b79b9d8d366a64fff87043
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/f5dddcbe-90d6-4aa0-8df5-b20ef62d112e/
SH256 hash:
cba87db1c9bbb2e7192a2f7cc7dfffe9c96eeacdc389c6026a7c000335078fea
MD5 hash:
fcc604d5ed90b4687a105fa9ae08b960
SHA1 hash:
f9a99338779cfffd2a163361dec939116223eb9e
Detections:
darkcloudstealer
Create hunting rule
INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_References_Messaging_Clients
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_CC_Regex
Create hunting rule
MALWARE_Win_A310Logger
Create hunting rule
MALWARE_Win_DarkCloud
Create hunting rule
Link:
https://www.unpac.me/results/f5dddcbe-90d6-4aa0-8df5-b20ef62d112e/
Parent samples :
a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c
181580691e151a96b9b8a5c85f2e5e859a6c8284fc0095cb0b68ff57a37ca39a
cc8d870cb3894eccc05026181ff7075493e0d29d71d0eae115e29bd682830930
Malware family:
DarkCloud
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/a1bb869c7bc1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:INDICATOR_KB_CERT_7c1118cbbadc95da3752c46e47a27438
Create hunting rule
Author:ditekSHen
Description:Detects executables signed with stolen, revoked or invalid certificates
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

a310Logger

Executable exe a1bb869c7bc1c929b59fd85525edcbff01c2ae37047f796dcf128aa92284422c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3635762/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/29602/

Comments