General
-
Target
INVOICE#09090002.exe
-
Size
592KB
-
Sample
210903-g4dccsceg3
-
MD5
8146345093404dfc79a943b0da184e47
-
SHA1
1472f04b7d707f523bc98975fc593c78ae5f4710
-
SHA256
f0f118c8bca327b5a4d164509fae627e4bd37b087abc1b7c2e337bfc8e3ff90e
-
SHA512
a8c3e5cb167bd8a104af57339cf997e052426817a4784bfde13e768d9f54aeee8bd39cad5ecbe4a61de561261709003caad7864d6e7b53871ae125c3d4d472cd
Malware Config
Targets
-
-
Target
INVOICE#09090002.exe
-
Size
592KB
-
MD5
8146345093404dfc79a943b0da184e47
-
SHA1
1472f04b7d707f523bc98975fc593c78ae5f4710
-
SHA256
f0f118c8bca327b5a4d164509fae627e4bd37b087abc1b7c2e337bfc8e3ff90e
-
SHA512
a8c3e5cb167bd8a104af57339cf997e052426817a4784bfde13e768d9f54aeee8bd39cad5ecbe4a61de561261709003caad7864d6e7b53871ae125c3d4d472cd
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty Payload
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-