a310logger | 51d10bac8aff735f5f365f2ca016a039f9b2c8cabb4e42dca90ab06c13180746 | Triage

Submit
Reports

Overview

overview

Static

static

1

TT09099.exe

windows7_x64

TT09099.exe

windows10_x64

Sharing

General

Target

TT09099.exe
Size

252KB
Sample

210525-yfkktm1njx
MD5

3b376a64c278d40ce6e50a4fdc9b2022
SHA1

0592e33cdedf18068de9d8350a2181ef711a0ba3
SHA256

51d10bac8aff735f5f365f2ca016a039f9b2c8cabb4e42dca90ab06c13180746
SHA512

0bbfd6cc70ec6cfc4218e5d853171578bcf0e36b7b08ba7598b5d52346437dd0c95df09f077099da4fac859f2986dc6caea6242dfaf44acfc6bd87537e0129d0

Score

10^/10

a310logger stormkitty persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

TT09099.exe

Resource

win7v20210408

a310logger stormkitty persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TT09099.exe

Resource

win10v20210410

a310logger stormkitty persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  TT09099.exe
- Size
  
  252KB
- MD5
  
  3b376a64c278d40ce6e50a4fdc9b2022
- SHA1
  
  0592e33cdedf18068de9d8350a2181ef711a0ba3
- SHA256
  
  51d10bac8aff735f5f365f2ca016a039f9b2c8cabb4e42dca90ab06c13180746
- SHA512
  
  0bbfd6cc70ec6cfc4218e5d853171578bcf0e36b7b08ba7598b5d52346437dd0c95df09f077099da4fac859f2986dc6caea6242dfaf44acfc6bd87537e0129d0
Score

10^/10

a310logger stormkitty persistence spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty Payload
- A310logger Executable
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

a310loggerstormkittypersistencespywarestealer

behavioral2

a310loggerstormkittypersistencespywarestealer

© 2018-2024

Terms | Privacy