IMPORT-BOOKING DETAILS.xls.bit.exe

General
Target

IMPORT-BOOKING DETAILS.xls.bit.exe

Size

942KB

Sample

201116-xndwr7vxmx

Score

10/10

MD5

056347ef33d8723e7fe77e03809ea6a8

SHA1

fd00800bb7f4a0499742eb5ee71427fdef5e0592

SHA256

09abaa1b12ae6d7ed845027756e8852a39ac0a75fecf53f76c08ce48bdf58b91

SHA512

10eb88ef51562bad7664e2ab7fd1da5eeaea8a2c1e3a70fe61cc83c4dfa8bff2e7389c719cb4ad443ed3fba43e5cd7a87391b041c08f7e58f4dce8781d0e552e

Signatures

  • ISR Stealer

    Description

    ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

  • ISR Stealer Payload

  • NirSoft MailPassView

    Description

    Password recovery tool for various email clients

  • Nirsoft

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops startup file

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System, Credentials in Files

  • Suspicious use of SetThreadContext
