General

  • Target

    96739a4d394217c2cbd895cf16acc0c8

  • Size

    455KB

  • Sample

    240212-gwvlnsed4x

  • MD5

    96739a4d394217c2cbd895cf16acc0c8

  • SHA1

    90af83fed1eb2652e133aad4f47f9354287f75a8

  • SHA256

    28fe91c48fa8583da9692cbdee3c2c32038d5dc3f8ca7dcd195f74511c1d6a78

  • SHA512

    846383b8cd6ff5208c96bf2063faff5c2fa1c1d5d714c11cb30d9aa84ad56f2435f70b2446cfc7006920a4b71dfc568bb36e03d5e8d077db757e673307729955

  • SSDEEP

    6144:FpJ+LBFdhgY3AgXUU6EEsgg/nzzYjzZnMUzpVltygvxTUpVP/KW+q9UT95GX:vArdGPqSENgg/KRpT/vxUpMLR5k

Malware Config

Targets

    • Target

      96739a4d394217c2cbd895cf16acc0c8

    • Size

      455KB

    • MD5

      96739a4d394217c2cbd895cf16acc0c8

    • SHA1

      90af83fed1eb2652e133aad4f47f9354287f75a8

    • SHA256

      28fe91c48fa8583da9692cbdee3c2c32038d5dc3f8ca7dcd195f74511c1d6a78

    • SHA512

      846383b8cd6ff5208c96bf2063faff5c2fa1c1d5d714c11cb30d9aa84ad56f2435f70b2446cfc7006920a4b71dfc568bb36e03d5e8d077db757e673307729955

    • SSDEEP

      6144:FpJ+LBFdhgY3AgXUU6EEsgg/nzzYjzZnMUzpVltygvxTUpVP/KW+q9UT95GX:vArdGPqSENgg/KRpT/vxUpMLR5k

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • StormKitty

      StormKitty is an open source info stealer written in C#.

    • StormKitty payload

    • A310logger Executable

    • Executes dropped EXE

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks