General
-
Target
96739a4d394217c2cbd895cf16acc0c8
-
Size
455KB
-
Sample
231226-3kam1sebcl
-
MD5
96739a4d394217c2cbd895cf16acc0c8
-
SHA1
90af83fed1eb2652e133aad4f47f9354287f75a8
-
SHA256
28fe91c48fa8583da9692cbdee3c2c32038d5dc3f8ca7dcd195f74511c1d6a78
-
SHA512
846383b8cd6ff5208c96bf2063faff5c2fa1c1d5d714c11cb30d9aa84ad56f2435f70b2446cfc7006920a4b71dfc568bb36e03d5e8d077db757e673307729955
-
SSDEEP
6144:FpJ+LBFdhgY3AgXUU6EEsgg/nzzYjzZnMUzpVltygvxTUpVP/KW+q9UT95GX:vArdGPqSENgg/KRpT/vxUpMLR5k
Malware Config
Targets
-
-
Target
96739a4d394217c2cbd895cf16acc0c8
-
Size
455KB
-
MD5
96739a4d394217c2cbd895cf16acc0c8
-
SHA1
90af83fed1eb2652e133aad4f47f9354287f75a8
-
SHA256
28fe91c48fa8583da9692cbdee3c2c32038d5dc3f8ca7dcd195f74511c1d6a78
-
SHA512
846383b8cd6ff5208c96bf2063faff5c2fa1c1d5d714c11cb30d9aa84ad56f2435f70b2446cfc7006920a4b71dfc568bb36e03d5e8d077db757e673307729955
-
SSDEEP
6144:FpJ+LBFdhgY3AgXUU6EEsgg/nzzYjzZnMUzpVltygvxTUpVP/KW+q9UT95GX:vArdGPqSENgg/KRpT/vxUpMLR5k
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-