General
Target: NKPOY00987900K.zip
Size: 11KB
Sample: 210906-hlrbyaafc2
MD5: 79c795407867e917a7b5d39755455790
SHA1: 5f72e00c3e88e3b386b1fa5fdc3ae168531c651a
SHA256: 2079e40b5cbdef00232f13d540bb2e057952692a184d7a4c41daffe882943d4a
SHA512: d8375bcd8bb30ad36563c80b5eee86441bc5552494ef9cb82c38454ef1fe3057b7d64526ee5ed5b6d31df52dc1ba155f41f22d594d22c1c141afbf22dfa98c02
Static task: static1
Behavioral task: behavioral1
Sample: NKPOY00987900K.exe
Resource: win7-en
Behavioral task: behavioral2
Sample: NKPOY00987900K.exe
Resource: win10-en
Malware Config
Targets
Target: NKPOY00987900K.exe
Size: 37KB
MD5: 519495b97861c5e3aa560ccbf16b6a00
SHA1: d25dfc588f3462eb4bfb4360bf2822c5c8645ec5
SHA256: 990b62bd8929c8b736fdcf793edb869c350b1a47a7d14ae07f12f951b4d9d55d
SHA512: 7720caf3c3aed61ef4fc00c3f281f56b5fc547abee6a7c0014e77b465b6684ea657bba3de7a289ae4e7f5a3186bcceb589d19ea906471668d59cffdde6c8e03c
Score: 10/10
- A310logger: A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
- StormKitty Payload
- A310logger Executable
- Executes dropped EXE
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Looks up geolocation information via web service: Uses a legitimate geolocation service to find the infected system's geolocation info.
- Suspicious use of SetThreadContext