General

  • Target

    2fa857766a51190a35c523d1e668c419

  • Size

    597KB

  • Sample

    231231-kqzvzseeh8

  • MD5

    2fa857766a51190a35c523d1e668c419

  • SHA1

    a03a3e40fea2601e2b745b6d111d8b50384f1bd5

  • SHA256

    32635c5f985aa62687009145f91b4523b781bea2faa94f7864d2ff16ab0a14ef

  • SHA512

    3c54fd2dcfce7e412b8fe2bf328b7feb22dc2eabc24b14040255b7844280c0b4e5d9860c3e244fd90e5702b51454a406039bfd4edd245ee0f530eac4ed191556

  • SSDEEP

    12288:pjxXyjFxBYSk/XE+DF7ruopsW+grfBecYSDE5JVKV6m9E1/E:pjlyZxBAXdZ75CgEcfDE5kKdE

Malware Config

Targets

    • Target

      2fa857766a51190a35c523d1e668c419

    • Size

      597KB

    • MD5

      2fa857766a51190a35c523d1e668c419

    • SHA1

      a03a3e40fea2601e2b745b6d111d8b50384f1bd5

    • SHA256

      32635c5f985aa62687009145f91b4523b781bea2faa94f7864d2ff16ab0a14ef

    • SHA512

      3c54fd2dcfce7e412b8fe2bf328b7feb22dc2eabc24b14040255b7844280c0b4e5d9860c3e244fd90e5702b51454a406039bfd4edd245ee0f530eac4ed191556

    • SSDEEP

      12288:pjxXyjFxBYSk/XE+DF7ruopsW+grfBecYSDE5JVKV6m9E1/E:pjlyZxBAXdZ75CgEcfDE5kKdE

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • Detect ZGRat V1

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • A310logger Executable

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks