General

  • Target

    b3d0b8c065ad75dfd646829bc7c87735

  • Size

    67KB

  • Sample

    240305-fedfdsfd76

  • MD5

    b3d0b8c065ad75dfd646829bc7c87735

  • SHA1

    629655f03b356ad46ae106855eb004c7be7098c0

  • SHA256

    61560f470822a249950e3d35574aae0ee9c93da31c1fd6f001c0cec97069a4fb

  • SHA512

    81539089391fb7aad33450a37ab57ec4a13c544a70ead868bc89f4e5d3d81dd948b4ea82c9ba1a780e03dfee608839b6acf2868f0ff6c0fc0fd2ef2fd6cf766e

  • SSDEEP

    768:Xb5fzfrnTjUzYZzZbvINP2hTlCio1cIBB6zTTCkvbIcwlwLHT1C4kh3ZsXULI9eN:L5bTnBIrio1cKeTDvbIcwqdUEPR+pR

Malware Config

Targets

    • A310logger

      A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.

    • A310logger Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

  • Subvert Trust Controls (T1553): 1
  • Install Root Certificate (T1553.004): 1
  • Modify Registry (T1112): 1

Credential Access

  • Unsecured Credentials (T1552): 2
  • Credentials In Files (T1552.001): 2

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 3

Collection

  • Data from Local System (T1005): 2
  • Email Collection (T1114): 1

Tasks