General

  • Target

    NOIOUIOOO.zip

  • Size

    277KB

  • Sample

    210902-mxkvkexqks

  • MD5

    03c57a272bed56602bd6ff4dccacf475

  • SHA1

    f11e39fff92e2e194de2fe27ec12476a15342cb0

  • SHA256

    2f633b054c3d676fa38faf29fdf5162cca6eda93a837a86392adbbf372dc8db3

  • SHA512

    15e8b93c3a692d480157985e272529a39cfea10e0af4ab2b69c176d1245655493351ffb8b05b94290d28768d482ebc9e8b8f81ac65f15108879cfcef91bd8980

Malware Config

Targets

    • Target

      NOIOUIOOO.exe

    • Size

      450KB

    • MD5

      e1b17f95e65af9b57c5f9b917a65c74c

    • SHA1

      7041471174b43d635195c7dbcb380308659df69a

    • SHA256

      b9dfdd034ca5c15f3af2ab24eb48ac79fca0417ef264603a129857cd103eee11

    • SHA512

      45e3c7bfcc84fc4fdb6414b37d6b95496b0984717db7e45885c4c921282cdf6f2c09a3dc097e896415c452892f4bda089c58ba5076de912716ad123652d517c4

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty Payload

    • A310logger Executable

    • Executes dropped EXE

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks