Static

static

SCAN001-PO...O2.exe

windows7_x64

10

SCAN001-PO...O2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SCAN001-PO-2 x 5kg HfO2.exe

  • Size

    646KB

  • Sample

    201109-q27zdetm36

  • MD5

    b192f4eb3271c0bfc58f5485cfa2b775

  • SHA1

    b14d0981eacceaa7d72ef52fea15aacd7df1a4fc

  • SHA256

    64b3a6adfac5ca856a15d9c0a22840056506562ae94233a30b2c8e32a7f61cda

  • SHA512

    3d190ecdb350139b6d6ae63b7b6b6e058900a1ae64fb47f87e0ecb7651d3dc2779d7e58444250924273d7de81573188e6a70141f44a3a9781e2966c65ae714a0

Score
10/10
isrstealerstealertrojanupx

Malware Config

Targets

    • Target

      SCAN001-PO-2 x 5kg HfO2.exe

    • Size

      646KB

    • MD5

      b192f4eb3271c0bfc58f5485cfa2b775

    • SHA1

      b14d0981eacceaa7d72ef52fea15aacd7df1a4fc

    • SHA256

      64b3a6adfac5ca856a15d9c0a22840056506562ae94233a30b2c8e32a7f61cda

    • SHA512

      3d190ecdb350139b6d6ae63b7b6b6e058900a1ae64fb47f87e0ecb7651d3dc2779d7e58444250924273d7de81573188e6a70141f44a3a9781e2966c65ae714a0

    Score
    10/10
    isrstealerstealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer Payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks