Static

static

1cd12640cd...8a.exe

windows7_x64

1

1cd12640cd...8a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a

  • Size

    783KB

  • Sample

    201110-kepef222mj

  • MD5

    fae8750fc4fbb827a87258ce330251a8

  • SHA1

    1141f067de255d7442cfde1fc6991e20db57e4ba

  • SHA256

    1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a

  • SHA512

    251ecd8fda7a8cd4f5ca9c7714cbe4c5d9a12d329ae21e05757a8682b73abcc79b59d8f20105f3837eedd932c1b3473f6f58ef8fd1ae6ff3cb184692907192dc

Score
10/10
isrstealerspywarestealertrojanupx

Malware Config

Targets

    • Target

      1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a

    • Size

      783KB

    • MD5

      fae8750fc4fbb827a87258ce330251a8

    • SHA1

      1141f067de255d7442cfde1fc6991e20db57e4ba

    • SHA256

      1cd12640cd035338923aac16f8cbbc1625c3cd58b9dbb38e524948554ecea48a

    • SHA512

      251ecd8fda7a8cd4f5ca9c7714cbe4c5d9a12d329ae21e05757a8682b73abcc79b59d8f20105f3837eedd932c1b3473f6f58ef8fd1ae6ff3cb184692907192dc

    Score
    10/10
    isrstealerspywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer Payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks