MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd6387e217bb54683a5300b0bcbb88e346f2f4b7a8cbfae9f95ae6bb8b3a798a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


a310Logger


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd6387e217bb54683a5300b0bcbb88e346f2f4b7a8cbfae9f95ae6bb8b3a798a
SHA3-384 hash: 784b53a366447e5660ac5389e6210a25acfe8fdd2fd8c66bee6cf5924415e8825ef960e8a45a99928c8370fa2b0d0d00
SHA1 hash: 5066ded5b953e0cae30e638e831471ecdeeb4a1a
MD5 hash: 50c18d7297ed9ad867a6c54c42fcaf87
humanhash: comet-quebec-may-romeo
File name:Scan3094-01.exe
Download: download sample
Signature a310Logger
Create hunting rule
File size:529'375 bytes
First seen:2021-10-07 06:10:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep 12288:ysy7oGCynP+JatHkq67ZNyTkeAb7/Xx+On2:Py7o6PeIkd7ZNZLB+G2
Threatray 4'637 similar samples on MalwareBazaar
TLSH T130B423FFEA51E8F3C0A2067443BAEA37FF26445402D86603F7561F27A7A451A1E35C49
File icon (PE):PE icon
dhash icon 64f4d4d4ecf4d4d4 (82 x SnakeKeylogger, 34 x AgentTesla, 24 x Formbook)
Reporter lowmal3
Tags:a310logger exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
165
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Scan3094-01.exe
Verdict:
Malicious activity
Analysis date:
2021-10-07 06:16:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0611c613-b4ed-4f29-be6c-729771e201f4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
JKeylogger
Create hunting rule
Link:
https://www.capesandbox.com/analysis/195607/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/615e8f7798a6280f39336d75/reports/ad2d5a85-e2dd-4e92-b4c7-b40235af5534/overview
Result
Threat name:
SpyEx a310Logger
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/866043
Signature
.NET source code contains potential unpacker
Allocates memory in foreign processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Sample uses process hollowing technique
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected a310Logger
Yara detected Generic Dropper
Yara detected SpyEx stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd6387e217bb54683a5300b0bcbb88e346f2f4b7a8cbfae9f95ae6bb8b3a798a/
Threat name:
Win32.Trojan.Nsisx
Create hunting rule
Status:
Malicious
First seen:
2021-10-06 05:19:41 UTC
AV detection:
12 of 45 (26.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
27349326ae3b7d0b52cfbdd9c3f5227ef46e9efda7fae1a59f6e8a11ef0d536c
a310Logger
3abd941389c4d76a2e36c0c4468aab3b891925225f63bd5e280dd1c986311099
a310Logger
6706708038be0f6bf47ce78859a5027bcfaa239dc08160e9052080ab2bce61a8
a310Logger
8099ebfd7569487096ead243d666f8e9af81bddda1d987b2840820042549e9b0
a310Logger
9295e25f8d2faace30d36a7497aa48df5bc44de15cee22fc6b1e4233e3c50c50
a310Logger
babefd091cac5677f905102c15edbbdb8556e351fb24c3b1f5ee5ab59175d62f
a310Logger
dae98216e9afdf607fef6103da482bda1b6f7fb6ee9731e94fd96f61a4a0931c
a310Logger
e29247ccbd64ef5da34a09b073f1f638c23bd7d280724feabf900e6ac786af52
a310Logger
fc3325548497708c387234e5c4e1457c3a46bc7061e272c1c35c4668d42a776f
a310Logger
+ 4'627 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/211007-gxledscbdp/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Unpacked files
SH256 hash:
bd6387e217bb54683a5300b0bcbb88e346f2f4b7a8cbfae9f95ae6bb8b3a798a
MD5 hash:
50c18d7297ed9ad867a6c54c42fcaf87
SHA1 hash:
5066ded5b953e0cae30e638e831471ecdeeb4a1a
Link:
https://www.unpac.me/results/3a8c5995-4902-414f-b337-d8998f8ff1fb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.87
Link:
https://yomi.yoroi.company/submissions/bd6387e217bb54683a5300b0bcbb88e346f2f4b7a8cbfae9f95ae6bb8b3a798a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

a310Logger

Executable exe bd6387e217bb54683a5300b0bcbb88e346f2f4b7a8cbfae9f95ae6bb8b3a798a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/195607/

Comments