General
-
Target
DC9087009000.zip
-
Size
492KB
-
Sample
210827-rgrp35tmas
-
MD5
e12d53ab8ad31f855633f689e656fdf9
-
SHA1
19a2853f9277e6bf5a863b3e33f861e197c50d46
-
SHA256
9fd0e322d18f9aa1419a05f6df740f13187b61e3643d78ad8b39821b27756f39
-
SHA512
44077cf46a16ad8fc0bfd9e539103236dc74d7b2fa6b477979d81ee137e204244506a784c527a54059cd0846c6de4e417d02e6d81acdd037cfc88c5dfc03c40d
Static task
static1
Behavioral task
behavioral1
Sample
DC9087009000.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
DC9087009000.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
DC9087009000.exe
-
Size
564KB
-
MD5
1a38c8b2bd82b0c0efd9bcdd6a02d5c8
-
SHA1
6ce1c0fb181c34931809ceac48d36c7c2b40e769
-
SHA256
99725d77056555125ea584b0ea92984abdb963950773181c61808a45ab3905a4
-
SHA512
0b29c653c15552ee2dde3e3acae1397f8642d4f26d635b9d3f5b25e1aafb25d6df1f78053d5cbc4ebf43c0ffda6f1ef2e8f0b367e0480dec5bcfc2c2a409ae7a
Score
10/10
-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty Payload
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-