General

  • Target

    b0f3f4676919d5dc7ede4751c992e0967d314c12eb293550e6b5276f240fbdbd

  • Size

    340KB

  • Sample

    220308-l3q92sgbgk

  • MD5

    ffd927fb549107e61816ec642c1644f7

  • SHA1

    921da95687dce6557f17c1b5a19a68d593bdc5d5

  • SHA256

    b0f3f4676919d5dc7ede4751c992e0967d314c12eb293550e6b5276f240fbdbd

  • SHA512

    c7b82fb88524a88f00c0328947dce499ad41c99d243874bc8e4b5411e413a7cab5a68f8716f4008f39a74b510f9502082e2c3ddd51138f0777435d1ee6a6eeb9

Malware Config

Targets

    • Target

      b0f3f4676919d5dc7ede4751c992e0967d314c12eb293550e6b5276f240fbdbd

    • Size

      340KB

    • MD5

      ffd927fb549107e61816ec642c1644f7

    • SHA1

      921da95687dce6557f17c1b5a19a68d593bdc5d5

    • SHA256

      b0f3f4676919d5dc7ede4751c992e0967d314c12eb293550e6b5276f240fbdbd

    • SHA512

      c7b82fb88524a88f00c0328947dce499ad41c99d243874bc8e4b5411e413a7cab5a68f8716f4008f39a74b510f9502082e2c3ddd51138f0777435d1ee6a6eeb9

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer Payload

    • suricata: ET MALWARE ISRStealer Checkin

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook accounts

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks