General
-
Target
090009000N.zip
-
Size
101KB
-
Sample
210903-dvf54sbhh7
-
MD5
1a6b2681aa6b7b22892812db44c40650
-
SHA1
5db040af639744958921bfde663df0d8ff1454e3
-
SHA256
bea7fc2e0fd9a1a0eb1382285dcbff3db76a372c18249673bf331257bac602af
-
SHA512
3156e366d40e1a1d531ce217c26bfab5059b50ee97fe4564bdc5f7af0c0d3b6e0d9c59854277798e9d89bb13831bbfaf5cf3dca73825b6c0b0d237ada54d5b1c
Static task
static1
Behavioral task
behavioral1
Sample
090009000N.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
090009000N.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
090009000N.exe
-
Size
208KB
-
MD5
780cc6d61d19eb61fbb2566fe8f39b4a
-
SHA1
08272cd98b5d17ba7f6bf204e7b0af78a2e44957
-
SHA256
7a30162550b7e83cf48b73ad034251cbc6e053f9d20809c4f4beefaef28c8754
-
SHA512
f9e5d82b4710a8e5020007d9d1ae9eb1e2f8c682677a87617c08bc5059d148cfb2b5673c221077f96d37ae45d324b26ac4632df0f8fb1a05c35e989243f4048e
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty Payload
-
A310logger Executable
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-