General

  • Target

    c7e45eb3172bfe58a9968e5728de3adcc4a64227873df681a30f52e5f4825a34

  • Size

    376KB

  • Sample

    220308-g9vhtscac6

  • MD5

    aa19d0447d176951ad9c4383e087c64d

  • SHA1

    151118b01a5cb159c0491d8758c117521c6cb73a

  • SHA256

    c7e45eb3172bfe58a9968e5728de3adcc4a64227873df681a30f52e5f4825a34

  • SHA512

    8e55b0ae6c26e0201f9342afae1cd532f969421e123d699dccd1e8a409b23a35c3931401e11144be19633494de3eb8cdcbb72e0ddde1b616784c1322a27d5360

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Suspicious use of SetThreadContext
