Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    22-02-2022 23:30

General

  • Target

    058d31e2ec907017fd99c0ccd4dadab13da0feb273ceee1536ef05c25b775310.exe

  • Size

    260KB

  • MD5

    a91e72b6e296d7811a9a64072695f7e8

  • SHA1

    760c8c49ffda6dd24ffc36f36a498678c32718b9

  • SHA256

    058d31e2ec907017fd99c0ccd4dadab13da0feb273ceee1536ef05c25b775310

  • SHA512

    d254ee900598d1eaef6b629c10f2d97bcf34a732f831cf96dc861f640f54128545f54ffd204389796dd29a3ecd0432f47f1f1c2d78ddb4dad62db7cffb0712a6

Malware Config

Signatures

  • ISR Stealer

    ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

  • suricata: ET MALWARE ISRStealer Checkin

  • NirSoft MailPassView 2 IoCs

    Password recovery tool for various email clients

  • Nirsoft 2 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, etc.

  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\058d31e2ec907017fd99c0ccd4dadab13da0feb273ceee1536ef05c25b775310.exe
    "C:\Users\Admin\AppData\Local\Temp\058d31e2ec907017fd99c0ccd4dadab13da0feb273ceee1536ef05c25b775310.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Users\Admin\AppData\Local\Temp\058d31e2ec907017fd99c0ccd4dadab13da0feb273ceee1536ef05c25b775310.exe
      /scomma "C:\Users\Admin\AppData\Local\Temp\Vq2GtwAu8x.ini"
      2⤵
        PID:792
      • C:\Users\Admin\AppData\Local\Temp\058d31e2ec907017fd99c0ccd4dadab13da0feb273ceee1536ef05c25b775310.exe
        /scomma "C:\Users\Admin\AppData\Local\Temp\gNn1AkaCEw.ini"
        2⤵
        • Accesses Microsoft Outlook accounts
        PID:1108

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/792-56-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

  • memory/792-57-0x0000000075341000-0x0000000075343000-memory.dmp

    Filesize

    8KB

  • memory/792-58-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

  • memory/792-59-0x0000000000400000-0x0000000000453000-memory.dmp

    Filesize

    332KB

  • memory/1108-62-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1108-64-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

  • memory/1108-65-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB