Static

static

IMPORT-BOO...it.exe

windows7_x64

10

IMPORT-BOO...it.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMPORT-BOOKING DETAILS.xls.bit.exe

  • Size

    942KB

  • Sample

    201116-xndwr7vxmx

  • MD5

    056347ef33d8723e7fe77e03809ea6a8

  • SHA1

    fd00800bb7f4a0499742eb5ee71427fdef5e0592

  • SHA256

    09abaa1b12ae6d7ed845027756e8852a39ac0a75fecf53f76c08ce48bdf58b91

  • SHA512

    10eb88ef51562bad7664e2ab7fd1da5eeaea8a2c1e3a70fe61cc83c4dfa8bff2e7389c719cb4ad443ed3fba43e5cd7a87391b041c08f7e58f4dce8781d0e552e

Score
10/10
isrstealerspywarestealertrojanupx

Malware Config

Targets

    • Target

      IMPORT-BOOKING DETAILS.xls.bit.exe

    • Size

      942KB

    • MD5

      056347ef33d8723e7fe77e03809ea6a8

    • SHA1

      fd00800bb7f4a0499742eb5ee71427fdef5e0592

    • SHA256

      09abaa1b12ae6d7ed845027756e8852a39ac0a75fecf53f76c08ce48bdf58b91

    • SHA512

      10eb88ef51562bad7664e2ab7fd1da5eeaea8a2c1e3a70fe61cc83c4dfa8bff2e7389c719cb4ad443ed3fba43e5cd7a87391b041c08f7e58f4dce8781d0e552e

    Score
    10/10
    isrstealerspywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer Payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks