General
-
Target
NOIOUIOOO.zip
-
Size
277KB
-
Sample
210902-mxkvkexqks
-
MD5
03c57a272bed56602bd6ff4dccacf475
-
SHA1
f11e39fff92e2e194de2fe27ec12476a15342cb0
-
SHA256
2f633b054c3d676fa38faf29fdf5162cca6eda93a837a86392adbbf372dc8db3
-
SHA512
15e8b93c3a692d480157985e272529a39cfea10e0af4ab2b69c176d1245655493351ffb8b05b94290d28768d482ebc9e8b8f81ac65f15108879cfcef91bd8980
Malware Config
Targets
-
-
Target
NOIOUIOOO.exe
-
Size
450KB
-
MD5
e1b17f95e65af9b57c5f9b917a65c74c
-
SHA1
7041471174b43d635195c7dbcb380308659df69a
-
SHA256
b9dfdd034ca5c15f3af2ab24eb48ac79fca0417ef264603a129857cd103eee11
-
SHA512
45e3c7bfcc84fc4fdb6414b37d6b95496b0984717db7e45885c4c921282cdf6f2c09a3dc097e896415c452892f4bda089c58ba5076de912716ad123652d517c4
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty Payload
-
A310logger Executable
-
Executes dropped EXE
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-