SCAN001-PO-2 x 5kg HfO2.exe

General

Target: SCAN001-PO-2 x 5kg HfO2.exe

Size: 646KB

Sample: 201109-q27zdetm36

Score: 10/10

MD5: b192f4eb3271c0bfc58f5485cfa2b775

SHA1: b14d0981eacceaa7d72ef52fea15aacd7df1a4fc

SHA256: 64b3a6adfac5ca856a15d9c0a22840056506562ae94233a30b2c8e32a7f61cda

SHA512: 3d190ecdb350139b6d6ae63b7b6b6e058900a1ae64fb47f87e0ecb7651d3dc2779d7e58444250924273d7de81573188e6a70141f44a3a9781e2966c65ae714a0

Tags

Signatures

  • ISR Stealer

    Description: ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

  • ISR Stealer Payload

  • NirSoft MailPassView

    Description: Password recovery tool for various email clients.

  • Nirsoft

  • UPX packed file

    Description: Detects executables packed with the UPX open-source packer or a modified UPX.

  • Suspicious use of SetThreadContext

Related Tasks

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10