General

  • Target

    c47e2fe944f35aa2d5d311321ffd9ea63bb49d28f5fa5ae85bf4fb24c3369174

  • Size

    220KB

  • Sample

    220308-hlmzhsfahl

  • MD5

    da15cd24853c1417be679134d3f3feb8

  • SHA1

    b993dc97d13cdae9a725467a071f10cb38ec15af

  • SHA256

    c47e2fe944f35aa2d5d311321ffd9ea63bb49d28f5fa5ae85bf4fb24c3369174

  • SHA512

    78147cd634505c41ade71bc25d104dc01e3d971afeef3b4edda589ade3693d956a2736556df4075d2a1899e0bd7c2614d197bf2282d7d4673289842c81e4f96f

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6