a310logger | 038b5ec90419cc38dcfc837ec372f5abbf49b3903501c11b5e3ee8bffc749755 | Triage

Submit
Reports

Overview

overview

Static

static

TT000900_989990.exe

windows7_x64

1

TT000900_989990.exe

windows10_x64

Sharing

General

Target

TT000900_989990.zip
Size

410KB
Sample

210721-92llwasgkj
MD5

aaf2ba8072c500456f321151dc00139b
SHA1

6cdec3a2d02ca6927b699862a1b23b775055bb7a
SHA256

038b5ec90419cc38dcfc837ec372f5abbf49b3903501c11b5e3ee8bffc749755
SHA512

25a0ea70097f0534c68bc6af1a87d099bcdf3a3b769406e941ad9843437c3d58b2f64cb2ae6338bb476ba6b78a85f52b881573deedb7dbb54e6411627bd60e1d

Score

10^/10

a310logger stormkitty spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

TT000900_989990.exe

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

TT000900_989990.exe

Resource

win10v20210410

a310logger stormkitty spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  TT000900_989990.exe
- Size
  
  894KB
- MD5
  
  f343cb0399d345b279de6d50d99f4be9
- SHA1
  
  6983c9557f3ab79b9a78f069599080d6988fd0c1
- SHA256
  
  451e257b591ad6beacf73a6ff2dc67942fa68cdd453da2784e084d790e66d3df
- SHA512
  
  109ab328298c9945aafabe0c306b4ba4534171e40d7ef966ed5e5e14fcc4a87d3ebbc3ff4800fd42fcc78c2d9211b37d37461538f8c79ee3e79fdd5fc429fb19
Score

10^/10

a310logger stormkitty spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty Payload
- A310logger Executable
- Executes dropped EXE
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

a310loggerstormkittyspywarestealer

© 2018-2024

Terms | Privacy