General
-
Target
0257ddd147e983c710726ab6fa0f8e32
-
Size
239KB
-
Sample
231229-ymemjaaeg4
-
MD5
0257ddd147e983c710726ab6fa0f8e32
-
SHA1
85fdda8fe46fb37b098953fda8b4ed22337954c4
-
SHA256
9d5b467c6b68ab75c8153df07b72abd63fda9bd3dfcc045cb6fb65c17b1db482
-
SHA512
d11646f9c95327dd5ab498339097bd67681e4ad0ae97639190b95b29ab07f188c9f9adda0a8bedccef87d0bbd9c86b45b1ffe76a4210714df072d1802c59bb6d
-
SSDEEP
6144:60+pf8o5HaqCTPL5oT5jzOZiDmUZE5jZR5s:63pldatOn9mUZ2vu
Malware Config
Targets
-
-
Target
0257ddd147e983c710726ab6fa0f8e32
-
Size
239KB
-
MD5
0257ddd147e983c710726ab6fa0f8e32
-
SHA1
85fdda8fe46fb37b098953fda8b4ed22337954c4
-
SHA256
9d5b467c6b68ab75c8153df07b72abd63fda9bd3dfcc045cb6fb65c17b1db482
-
SHA512
d11646f9c95327dd5ab498339097bd67681e4ad0ae97639190b95b29ab07f188c9f9adda0a8bedccef87d0bbd9c86b45b1ffe76a4210714df072d1802c59bb6d
-
SSDEEP
6144:60+pf8o5HaqCTPL5oT5jzOZiDmUZE5jZR5s:63pldatOn9mUZ2vu
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-