General
-
Target
order.xlsx
-
Size
1.1MB
-
Sample
210714-x797qca7bn
-
MD5
9ca6188ffa6e7610504240a8e653a1af
-
SHA1
c0cdd372d847acda3f851f9b96f74a48f9f6ba0b
-
SHA256
e56be44ff82710e8a304f15c2db34bed017876b9fb36efc1b84c7ace02e6b88a
-
SHA512
d6f8f7823aa448bf010cf6a76179d7194e2369d343ee1aac1819b149ba0b0f56c2b76e749687a7dcd524f9d2709b1487bd103a26b9c1f8fa9e57080f6bb386ce
Malware Config
Targets
-
-
Target
order.xlsx
-
Size
1.1MB
-
MD5
9ca6188ffa6e7610504240a8e653a1af
-
SHA1
c0cdd372d847acda3f851f9b96f74a48f9f6ba0b
-
SHA256
e56be44ff82710e8a304f15c2db34bed017876b9fb36efc1b84c7ace02e6b88a
-
SHA512
d6f8f7823aa448bf010cf6a76179d7194e2369d343ee1aac1819b149ba0b0f56c2b76e749687a7dcd524f9d2709b1487bd103a26b9c1f8fa9e57080f6bb386ce
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty Payload
-
A310logger Executable
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-