General
-
Target
9088890000.exe
-
Size
383KB
-
Sample
210903-g4dm5aceg5
-
MD5
df3de39ce7d9c7c7cb1fca65ef4fb6d3
-
SHA1
f8dfffbf857a583f4d24cddbf741120a080cef71
-
SHA256
c8d68c59e8f4cf194e50766e00d0fa72bba828a43ce4405fc195e3d27d9e4b6f
-
SHA512
85a88ef177f795e9694a988ffda710d97a7037ec2e7ed16c6c7f01476acae564baa6994804d057a440a98ab9563a098f80dc4b2e77cf5d69adfaa466ed5d22bc
Static task
static1
Behavioral task
behavioral1
Sample
9088890000.exe
Resource
win7-en
Behavioral task
behavioral2
Sample
9088890000.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
9088890000.exe
-
Size
383KB
-
MD5
df3de39ce7d9c7c7cb1fca65ef4fb6d3
-
SHA1
f8dfffbf857a583f4d24cddbf741120a080cef71
-
SHA256
c8d68c59e8f4cf194e50766e00d0fa72bba828a43ce4405fc195e3d27d9e4b6f
-
SHA512
85a88ef177f795e9694a988ffda710d97a7037ec2e7ed16c6c7f01476acae564baa6994804d057a440a98ab9563a098f80dc4b2e77cf5d69adfaa466ed5d22bc
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty Payload
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-