Analysis
-
max time kernel
89s -
max time network
70s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
13-07-2021 12:57
General
-
Target
5f70bb21955777e10ca01ead27d16b44.exe
-
Size
1.0MB
-
MD5
5f70bb21955777e10ca01ead27d16b44
-
SHA1
2f7d8adfb506718346d94177103d1d976380a9b4
-
SHA256
84c1024292142c4d234701e830aedcbd865311693f0d8ac75596deee268c7db5
-
SHA512
69f55a7902a4241c008c745a8f3bbc261bf0f9698f0b0b93aafb6ab8ce47b4e0eba47879e32404d6c3cdfab14cf55f60d5de4c34050bcb377f7f92a5a1ed16f4
Malware Config
Signatures
-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty Payload 2 IoCs
-
A310logger Executable 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5f70bb21955777e10ca01ead27d16b44.exe"C:\Users\Admin\AppData\Local\Temp\5f70bb21955777e10ca01ead27d16b44.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5f70bb21955777e10ca01ead27d16b44.exe"C:\Users\Admin\AppData\Local\Temp\5f70bb21955777e10ca01ead27d16b44.exe"2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NET4\PASSWORDSNET4.exeC:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NET4\PASSWORDSNET4.exe3⤵
- Executes dropped EXE
- Checks processor information in registry
-
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NET4\CREDITCARDNET4.exeC:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NET4\CREDITCARDNET4.exe3⤵
- Executes dropped EXE
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
a451ff83e1e0b66af6a3f26ee38bf4ff
SHA15dc4535a7a059c3aaedf925093e9fbe5f27aae80
SHA256e654a9462d181c047534462ca3f13c1117886dbeded26cc1c0255328fd1046da
SHA5123d2722dd84783eb806e671fd611b03ea9851e8d266f182088e7e2a7af467ca2b6fd348461117cc7e547bd225be5f748b2c724ea0c7431a3d15d1291355f92a85
-
MD5
a451ff83e1e0b66af6a3f26ee38bf4ff
SHA15dc4535a7a059c3aaedf925093e9fbe5f27aae80
SHA256e654a9462d181c047534462ca3f13c1117886dbeded26cc1c0255328fd1046da
SHA5123d2722dd84783eb806e671fd611b03ea9851e8d266f182088e7e2a7af467ca2b6fd348461117cc7e547bd225be5f748b2c724ea0c7431a3d15d1291355f92a85
-
MD5
1e80e2c7dc321a0f48da92fdbdbd44eb
SHA14bcf3e9b2e0332e1428779254aaf0b7a1b07b08e
SHA2566dd7c673498c69240586a2344c16dcaefb1229e06fdf2b85b76cd91e5578e291
SHA512dde95e41feca1ac7fc3c86277a2eaa3ac7d96c0bbb31faaea6c8aae680fc1aff1cfbad849660457fdbf69479b4496906dea5edc9ca307625836f483f82b6ca62
-
MD5
1e80e2c7dc321a0f48da92fdbdbd44eb
SHA14bcf3e9b2e0332e1428779254aaf0b7a1b07b08e
SHA2566dd7c673498c69240586a2344c16dcaefb1229e06fdf2b85b76cd91e5578e291
SHA512dde95e41feca1ac7fc3c86277a2eaa3ac7d96c0bbb31faaea6c8aae680fc1aff1cfbad849660457fdbf69479b4496906dea5edc9ca307625836f483f82b6ca62
-
MD5
e0f2606f6fac6efd3194dde5ecd2f277
SHA1c9dfd88f196c155c84b9a563dc6534b52f0d4d1f
SHA256159253a5809cb0219269b8f1bdcef6c2c773b464da25b4849a6758dd2bf36a66
SHA512a104795f3e7a71e73c2095fff3bdb6c1032a82e30e31403a1beb201477183537c99d9ba5327e4de291ada647615be67b1c78bacd47edecb565d0c29c01c39da5
-
-
Filesize
296KB
-
Filesize
8KB
-
Filesize
296KB
-
Filesize
4KB
-
Filesize
452KB
-
Filesize
724KB
-
Filesize
4KB
-
Filesize
5.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
-
-
Filesize
4KB