d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5

General

Target: d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5
Size: 1MB
Sample: 201115-kcn187cdsj
Score: 10/10
MD5: e9fea729bae2bd3a20d61829dc12c806
SHA1: d89fe8744aae2fa5164163045d6f91540cd49213
SHA256: d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5
SHA512: 9d60873b85bb2128e35258789b7c40d3d29a8ff476272759844bb8f74fd665fb82dcbe9672e9311b0c7537d6ab1f8662ac43abe8bc7aa4b63519b03d0fb45ab3

Signatures

  • ISR Stealer
    Description: ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

  • ISR Stealer Payload

  • NirSoft MailPassView
    Description: Password recovery tool for various email clients.

  • Nirsoft

  • Executes dropped EXE

  • UPX packed file
    Description: Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence check.
    TTPs: Query Registry; System Information Discovery

  • Loads dropped DLL

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Checks whether UAC is enabled
    TTPs: System Information Discovery

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix tactics: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation