General
Target: PL.exportcagrifance.exe
Size: 204KB
Sample: 210603-8wls6tgak6
MD5: e7b0bbe1482189169186f932f66fdfd4
SHA1: 7011360f134f5c68c5601885abfc7d894728b57d
SHA256: 4934774c7509bb829881702ef12f2fe40b9537e1a266de55f4b61248553dc248
SHA512: af0a2d106e5c28234a8c8ab21bbe460cf2cbb1b1f645b6f38cf8f3548e5120b595536107dc8d5c988efac0581610a6aaef561047c704f82f76d9396ec4b789b4
Static task: static1
Behavioral task: behavioral1
  Sample: PL.exportcagrifance.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: PL.exportcagrifance.exe
  Resource: win10v20210408
Malware Config
Targets
Target: PL.exportcagrifance.exe
Size: 204KB
MD5: e7b0bbe1482189169186f932f66fdfd4
SHA1: 7011360f134f5c68c5601885abfc7d894728b57d
SHA256: 4934774c7509bb829881702ef12f2fe40b9537e1a266de55f4b61248553dc248
SHA512: af0a2d106e5c28234a8c8ab21bbe460cf2cbb1b1f645b6f38cf8f3548e5120b595536107dc8d5c988efac0581610a6aaef561047c704f82f76d9396ec4b789b4
Score: 10/10
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- StormKitty Payload
- A310logger Executable
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext