a310logger

General

Target

NKP09741234.zip
Size

574KB
Sample

210901-8kr8zjqgtx
MD5

b21e1da91ff3450e94ea813acf07e6c1
SHA1

a02aa28a44adb2d001ac50abb88c4e573c9d2ddf
SHA256

ca0b97098276e1885fe1b073572a0c5d25fd546b3b410aec44deb80a40296166
SHA512

bc4565dd3dc1288046ded5771cfc511cd3441f64a18c18c73d5fa947f5d2c3245abe09b4fb6f04362389365a0ac0ad97f49733bb8dd577541d60eed50a5132e2

Score

10^/10

Malware Config

Targets

- Target
  
  NKP09741234.exe
- Size
  
  637KB
- MD5
  
  2865d38cb94c66a3a61f24582733bf05
- SHA1
  
  3449cb1b31c3553212b1fdb57e80e7e23225f424
- SHA256
  
  4a1274e4fd1d26d5449fa4516ed5e8b79367d9bae501174ac04ee146345e5043
- SHA512
  
  9d88df252bb52ad486788ddf6c3acfc7326236364ba96314e4fde0c08bcf99a8e395906ec0bbb4483b576145903e3243d7e104f14ccdb567af101e7c74c3c20b
Score

10^/10

a310logger stormkitty spyware stealer
- A310logger
  A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
  stealer spyware a310logger
- StormKitty
  StormKitty is an open source info stealer written in C#.
  stealer stormkitty
- StormKitty Payload
- A310logger Executable
- Executes dropped EXE
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service
  Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

StormKitty

StormKitty Payload

A310logger Executable

Executes dropped EXE

Reads local data of messenger clients

Reads user/profile data of web browsers

Looks up external IP address via web service

Looks up geolocation information via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2