General
-
Target
340e9a1bcc5ae00b5251f8c5e4bcae10
-
Size
414KB
-
Sample
231231-nff7nscgdk
-
MD5
340e9a1bcc5ae00b5251f8c5e4bcae10
-
SHA1
a083255dced4da814db8b064b40324e1c755f6a8
-
SHA256
9e8945e1f0569c2fddfad7e0a580508cc85a7ec431b634ea070cdfc8c80cc6cf
-
SHA512
521cb325d8d7b61788419694f028e830b423d02b5395dadc16e02e7d08b4ca75feb033edfd055eb158fd0f3e315a07b44dda20a4754ac4f4172a3c5741595405
-
SSDEEP
3072:Wri/gSS018Jn8Q5CJ2ZezucNTl2B03TirJjMmCtxBu6Z91EqySTG1fwkYopl9/1/:ZgSS0G4IEzuc72B0witOCnGS8t7Fh
Malware Config
Targets
-
-
Target
340e9a1bcc5ae00b5251f8c5e4bcae10
-
Size
414KB
-
MD5
340e9a1bcc5ae00b5251f8c5e4bcae10
-
SHA1
a083255dced4da814db8b064b40324e1c755f6a8
-
SHA256
9e8945e1f0569c2fddfad7e0a580508cc85a7ec431b634ea070cdfc8c80cc6cf
-
SHA512
521cb325d8d7b61788419694f028e830b423d02b5395dadc16e02e7d08b4ca75feb033edfd055eb158fd0f3e315a07b44dda20a4754ac4f4172a3c5741595405
-
SSDEEP
3072:Wri/gSS018Jn8Q5CJ2ZezucNTl2B03TirJjMmCtxBu6Z91EqySTG1fwkYopl9/1/:ZgSS0G4IEzuc72B0witOCnGS8t7Fh
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-