General

  • Target

    41c3b05debb26645393a5c7253f28e77.exe

  • Size

    594KB

  • Sample

    240104-y3rxssbce7

  • MD5

    41c3b05debb26645393a5c7253f28e77

  • SHA1

    e1e8fcfdc15c34f7e1ce974e4278e79879fe86ae

  • SHA256

    584a847c7e779a2951440152072b93e4ecccb1b86148a2e289c2ccb86962ac34

  • SHA512

    c24771dee7d0e7651b2530623332c28b434da98cc3dbadf3af597225d71a9f2c699bd65f9155424ded2e3902ca1a2f63bc234345b10db9f06e724e9d90ec8351

  • SSDEEP

    12288:SfX25LrCxNuYlc+zakllH7RaR00QHtHx6fsZAvantxK13v6pcL4cUikDXR6sVc+i:SfX25LrCxNuYlcSXt0ehkASIN3CTmv+

Malware Config

Targets

    • Target

      41c3b05debb26645393a5c7253f28e77.exe

    • Size

      594KB

    • MD5

      41c3b05debb26645393a5c7253f28e77

    • SHA1

      e1e8fcfdc15c34f7e1ce974e4278e79879fe86ae

    • SHA256

      584a847c7e779a2951440152072b93e4ecccb1b86148a2e289c2ccb86962ac34

    • SHA512

      c24771dee7d0e7651b2530623332c28b434da98cc3dbadf3af597225d71a9f2c699bd65f9155424ded2e3902ca1a2f63bc234345b10db9f06e724e9d90ec8351

    • SSDEEP

      12288:SfX25LrCxNuYlc+zakllH7RaR00QHtHx6fsZAvantxK13v6pcL4cUikDXR6sVc+i:SfX25LrCxNuYlcSXt0ehkASIN3CTmv+

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • A310logger Executable

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks