Overview

overview

10

Static

static

3

37798198d3...e2.exe

windows7-x64

10

37798198d3...e2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    37798198d3649f8171286118fd320fe2.exe

  • Size

    2.7MB

  • Sample

    240110-xvxbwaebem

  • MD5

    37798198d3649f8171286118fd320fe2

  • SHA1

    e4d54a7c1dec833f20a6ff922388bac3b0a8546f

  • SHA256

    04e942767c6c9744ef7eb6d3cc342239b8feaacd4df3c5e542b85177c0fbd97f

  • SHA512

    04f6b778a1920686a8c831be6a827df8997c70b5f2148470142748388d8719f78c553ca462000323bc96c9dc0443addaed636687743ed6df159bab3e90e45838

  • SSDEEP

    12288:lmsZymTeEa4vxX8Y4psEDM44IR//XjlYFq1XIJrgjawytjSu76nPK91s38NOu6Nb:ol

Score
10/10
a310loggerstormkittyzgratcollectionratspywarestealer

Malware Config

Targets

    • Target

      37798198d3649f8171286118fd320fe2.exe

    • Size

      2.7MB

    • MD5

      37798198d3649f8171286118fd320fe2

    • SHA1

      e4d54a7c1dec833f20a6ff922388bac3b0a8546f

    • SHA256

      04e942767c6c9744ef7eb6d3cc342239b8feaacd4df3c5e542b85177c0fbd97f

    • SHA512

      04f6b778a1920686a8c831be6a827df8997c70b5f2148470142748388d8719f78c553ca462000323bc96c9dc0443addaed636687743ed6df159bab3e90e45838

    • SSDEEP

      12288:lmsZymTeEa4vxX8Y4psEDM44IR//XjlYFq1XIJrgjawytjSu76nPK91s38NOu6Nb:ol

    Score
    10/10
    a310loggerstormkittyzgratcollectionratspywarestealer

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

      stealerspywarea310logger

    • Detect ZGRat V1

    • StormKitty

      StormKitty is an open source info stealer written in C#.

      stealerstormkitty

    • StormKitty payload

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • A310logger Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks