Static

static

d265fcb40a...b5.exe

windows7_x64

10

d265fcb40a...b5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5

  • Size

    1.2MB

  • Sample

    201115-kcn187cdsj

  • MD5

    e9fea729bae2bd3a20d61829dc12c806

  • SHA1

    d89fe8744aae2fa5164163045d6f91540cd49213

  • SHA256

    d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5

  • SHA512

    9d60873b85bb2128e35258789b7c40d3d29a8ff476272759844bb8f74fd665fb82dcbe9672e9311b0c7537d6ab1f8662ac43abe8bc7aa4b63519b03d0fb45ab3

Score
10/10
isrstealerevasionpersistencestealertrojanupx

Malware Config

Targets

    • Target

      d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5

    • Size

      1.2MB

    • MD5

      e9fea729bae2bd3a20d61829dc12c806

    • SHA1

      d89fe8744aae2fa5164163045d6f91540cd49213

    • SHA256

      d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5

    • SHA512

      9d60873b85bb2128e35258789b7c40d3d29a8ff476272759844bb8f74fd665fb82dcbe9672e9311b0c7537d6ab1f8662ac43abe8bc7aa4b63519b03d0fb45ab3

    Score
    10/10
    isrstealerevasionpersistencestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer Payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks