MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6d935515f1a5952779211a0765660be792f55b359cbd1c73fbc5441f391e8e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


a310Logger


Vendor detections: 9


Intelligence 9 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6d935515f1a5952779211a0765660be792f55b359cbd1c73fbc5441f391e8e4
SHA3-384 hash: 75f64dd9d14f7b2c0c522f8d2adb5e6ad801617553e03024f315c766512d17f3a5098bf18133c6969c6f74f025efd8df
SHA1 hash: 6936cfb5344c8c733e90edbc6d17f36229185def
MD5 hash: 4a28767fda490520c4fd82c5aed5153e
humanhash: finch-oxygen-don-wisconsin
File name:file
Download: download sample
Signature a310Logger
Create hunting rule
File size:491'520 bytes
First seen:2022-10-27 14:53:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 617ea7a775cf544ca355296c6db00fa2 (1 x a310Logger)
ssdeep 12288:YX2mJN7gMS1qhKEIaWZywuOJX/LlJGkfjYKkJj6GmZU:yx6qhKfaWGk7Yb6nZ
Threatray 40 similar samples on MalwareBazaar
TLSH T13AA4291AAA21612DF553C4B0E6E5A257AC197D33158CA82BF7C16B4631351EBECF032F
TrID 51.9% (.EXE) Win32 Executable Microsoft Visual Basic 6 (82067/2/8)
17.1% (.EXE) UPX compressed Win32 Executable (27066/9/6)
16.8% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
4.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon 1003873d31213f10 (142 x DarkCloud, 132 x GuLoader, 35 x a310Logger)
Reporter jstrosch
Tags:a310logger exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
242
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-10-27 14:53:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/dd7daae5-e563-4785-b37b-ef55687ca53e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
A310Logger
Create hunting rule
Link:
https://www.capesandbox.com/analysis/324943/
Detection(s):
PUA.Win.Packer.ProtectSharewar-2
Create hunting rule

PUA.Win.Packer.ProtectSharewar-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Creating a file
Creating a file in the system32 subdirectories
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b8797df6-894b-467d-9718-e8082819a704
Result
Threat name:
BluStealer, DarkCloud
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1099788
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6d935515f1a5952779211a0765660be792f55b359cbd1c73fbc5441f391e8e4/
Threat name:
Win32.Trojan.A310Logger
Create hunting rule
Status:
Malicious
First seen:
2022-10-27 15:43:12 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
20 of 25 (80.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=w3mtkuk7djmve54scgqhmvtaxz4s6vntlhf5drz7xrked44r5dsa._file
Verdict:
malicious
Similar samples:
1bb31625967f178fe19619375912c6f805c8882d1bb4a5c2dbfed7a657f58eca
a310Logger
2a85650070bb8a38e31bd9fe5fd4626364bdb6cef093025e4fe814fc18391685
a310Logger
45969e23492b09bf7e761590493dc169570c2c4d66b20a523e20ea923d2b6070
a310Logger
6e728030e80dfbe8b571bffc0291c1e5b57b875d4dbe2b7302a73965aed82f70
a310Logger
709d1d9f1e0485cca2cdad3fe16fa9992a2dd07b2310a98dc65066530d4033fe
a310Logger
796b93e1306888ffa8b48c29ff68dee8f6bb7d1fb0b96beb0ba3fd3b3d0f801d
a310Logger
8662c5563163a4bfd38e68eee91831b3c07e30c022ec54bc58c381c53bb1f679
a310Logger
961b20b6682e39499633988483364d3bf730e76e51ee8d15da9dcf46da2a89e7
a310Logger
d476dd03b89f907816cb87f2182926791494de65269e1b82356c61a7350e1fad
a310Logger
+ 30 additional samples on MalwareBazaar
Result
Malware family:
darkcloud
Create hunting rule
Score:
  10/10
Tags:
family:darkcloud
Link:
https://tria.ge/reports/221027-r9we8scefj/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Malware Config
C2 Extraction:
https://api.telegram.org/bot5462107003:AAHpS7vd0kCA-_f6RsjTg_PYKo7VUIqaq9A/sendMessage?chat_id=5740487699
Unpacked files
SH256 hash:
b6d935515f1a5952779211a0765660be792f55b359cbd1c73fbc5441f391e8e4
MD5 hash:
4a28767fda490520c4fd82c5aed5153e
SHA1 hash:
6936cfb5344c8c733e90edbc6d17f36229185def
Link:
https://www.unpac.me/results/c27e7ee5-e7d8-4741-abfe-483455e1f4f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/b6d935515f1a5952779211a0765660be792f55b359cbd1c73fbc5441f391e8e4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Binary_References_Browsers
Create hunting rule
Author:ditekSHen
Description:Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:INDICATOR_SUSPICIOUS_EXE_TelegramChatBot
Create hunting rule
Author:ditekSHen
Description:Detects executables using Telegram Chat Bot
Rule name:MALWARE_Win_A310Logger
Create hunting rule
Author:ditekSHen
Description:Detects A310Logger

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

a310Logger

Executable exe b6d935515f1a5952779211a0765660be792f55b359cbd1c73fbc5441f391e8e4

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/324943/

Comments