General
-
Target
f5bf7345faf95d1997b4db8d72018a62_JaffaCakes118
-
Size
476KB
-
Sample
240417-pfvwhaed49
-
MD5
f5bf7345faf95d1997b4db8d72018a62
-
SHA1
9ec869cb94d730926ac5bd94ee0724e5bb8a94eb
-
SHA256
5d3e5503103fe87851128da37f39fdc2e500d7bbf9f69e681745e582db9450a5
-
SHA512
7ad9c11158402a42d6b601cf467b2d0093439d9aae85fc3eab9f5f631ec1398298b2c7b10b9be6a7b88d0f9a41e16e99de1f6403b4dd2f0a4ed64b908b1de302
-
SSDEEP
6144:dYKujIJ6lseq61sv7hN5wvEQui1h3svMzO4b3ymjT2hJjXTF+jPlMqhxD6joq:d1NJ6oAsyvELg3sje2autn
Malware Config
Targets
-
-
Target
f5bf7345faf95d1997b4db8d72018a62_JaffaCakes118
-
Size
476KB
-
MD5
f5bf7345faf95d1997b4db8d72018a62
-
SHA1
9ec869cb94d730926ac5bd94ee0724e5bb8a94eb
-
SHA256
5d3e5503103fe87851128da37f39fdc2e500d7bbf9f69e681745e582db9450a5
-
SHA512
7ad9c11158402a42d6b601cf467b2d0093439d9aae85fc3eab9f5f631ec1398298b2c7b10b9be6a7b88d0f9a41e16e99de1f6403b4dd2f0a4ed64b908b1de302
-
SSDEEP
6144:dYKujIJ6lseq61sv7hN5wvEQui1h3svMzO4b3ymjT2hJjXTF+jPlMqhxD6joq:d1NJ6oAsyvELg3sje2autn
Score10/10-
A310logger
A310 Logger is a .NET stealer/logger targeting passwords from browsers and email clients.
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
A310logger Executable
-
Executes dropped EXE
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
Suspicious use of SetThreadContext
-