a310logger

General

Target

2c6ffa6e812c876dbf207473c2f969fbe1e3f94560befd6611352cbce28bb676
Size

405KB
Sample

210713-aqfbq387bs
MD5

33f746bc5fc31d6791ed7babf794f894
SHA1

e123d85bb6b8dacd57068828dad6640327f327a4
SHA256

2c6ffa6e812c876dbf207473c2f969fbe1e3f94560befd6611352cbce28bb676
SHA512

13a14ebb85fe3716041ab4909033e1136a1a939e9bc13f8eb8429dca91ee15d14881ec3e5b7b61d1d9e10d3ad65d873a9dd9eee454b952a8199f731e59f3e4a8

Score

10^/10

Malware Config

Targets

- Target
  
  2c6ffa6e812c876dbf207473c2f969fbe1e3f94560befd6611352cbce28bb676
- Size
  
  405KB
- MD5
  
  33f746bc5fc31d6791ed7babf794f894
- SHA1
  
  e123d85bb6b8dacd57068828dad6640327f327a4
- SHA256
  
  2c6ffa6e812c876dbf207473c2f969fbe1e3f94560befd6611352cbce28bb676
- SHA512
  
  13a14ebb85fe3716041ab4909033e1136a1a939e9bc13f8eb8429dca91ee15d14881ec3e5b7b61d1d9e10d3ad65d873a9dd9eee454b952a8199f731e59f3e4a8
Score

10^/10

a310logger stormkitty spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty Payload
- A310logger Executable
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

StormKitty

StormKitty Payload

A310logger Executable

Executes dropped EXE

Loads dropped DLL

Reads local data of messenger clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Looks up geolocation information via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2