General
-
Target
59afe3436eee2e9f3c9a5556cf33cef7
-
Size
460KB
-
Sample
240113-3gxclsfhfr
-
MD5
59afe3436eee2e9f3c9a5556cf33cef7
-
SHA1
43078f70d254753e59c8a920a7f27a1f5cc8e31f
-
SHA256
39cd5c2dd4929b254d9ef4bf758ce2401e49fd5da55ae97ad1939db2cc3acdce
-
SHA512
2ec7599b3e7521d65c47f9289d4dd118ae8274634d4cf2a1cff6d701d62dbf650b8d82f3fc9826def01afcb498a4d5278e3664ed01cad354f195a037f90887af
-
SSDEEP
12288:KuL4A/KxFv2y8Ymc96MnWJVtayr0tiEyK7I/HDdn+gtfTg:KuLz/2FOrMnWJvrWiEv7e+kTg
Static task
static1
Behavioral task
behavioral1
Sample
000100049000TK.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
000100049000TK.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
000100049000TK.exe
-
Size
955KB
-
MD5
113f59d0bd4384226e40c17bf899935d
-
SHA1
4bf159402cefe87d328182fee0e82297b1fff5c5
-
SHA256
b77f7c59b071608e552cf6ccae6f9e0e3f6790d83ec7d163713b0eedc6eccf25
-
SHA512
d8e3717916475013e8ec8cc5a5fef303c4467fe66b944f1031ee73ad964a6a699d3c872a305173ac7565e5000ade605e8cef1cbe3ca9438ac1f85993a69a3b78
-
SSDEEP
12288:gFrXv++Cjkemhes5D9Bq1U50kb9zU9uRyM3/CsUABjFG3CiEN4/PosRbOt/kUQQj:gFrpCDsz2SCyiJA+O9ENGZOMb
-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
Detect ZGRat V1
-
StormKitty payload
-
A310logger Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-