General

  • Target

    9088890000.exe

  • Size

    383KB

  • Sample

    210903-g4dm5aceg5

  • MD5

    df3de39ce7d9c7c7cb1fca65ef4fb6d3

  • SHA1

    f8dfffbf857a583f4d24cddbf741120a080cef71

  • SHA256

    c8d68c59e8f4cf194e50766e00d0fa72bba828a43ce4405fc195e3d27d9e4b6f

  • SHA512

    85a88ef177f795e9694a988ffda710d97a7037ec2e7ed16c6c7f01476acae564baa6994804d057a440a98ab9563a098f80dc4b2e77cf5d69adfaa466ed5d22bc

Malware Config

Targets

    • Target

      9088890000.exe

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty Payload

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks