General

  • Target

    097ec0959c3f572c2f3de06647d53b1cc4e7d05c2c947f3e29e85602ee7beaf8

  • Size

    344KB

  • Sample

    220521-d3qdrabgdj

  • MD5

    3fbce899aefeddd5a65a4d1865fbcd7a

  • SHA1

    ce04b76fb6f33a7adec84bfbcaa12a10ad075f5e

  • SHA256

    097ec0959c3f572c2f3de06647d53b1cc4e7d05c2c947f3e29e85602ee7beaf8

  • SHA512

    5a2b2fcbd4c680bc9d701a2052fbed35e9b951d533fd385201d681d81797168aa9e209384a362feee606ebf6bc3e420f110c45465f16952081f75162c3ee2f6c

Malware Config

Targets

    • Target

      PO.img.jpg.exe

    • Size

      371KB

    • MD5

      05643226c4f1d9116d9cd0bc31f2eea9

    • SHA1

      80e883195c0108a28d79fd638b326ccd4affad19

    • SHA256

      141d8dd9c235560984db345a6414c17c5fed18e5b2106f240a58f3cdcc9f9584

    • SHA512

      8c7d54423af88f7c6a0ced3e5f768a1f72df90b9478fbd4c7903271b1b8adefbc44228e11dcf71ba6e8d07f08d87b3271b6a0e79801ccb0034f47090638757fe

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer Payload

    • NirSoft MailPassView

      Password-recovery tool for various email clients; dropped alongside the stealer payload, it is the component that harvests saved mail credentials.

    • Nirsoft

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (section names and layout match, even when the UPX0/UPX1 names have been changed).

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (stay dormant or exit in certain countries).

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
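
The "UPX packed file" verdict above can be reproduced statically from the PE section table. The following is an added example (not Triage's detector and not code from the sample): it parses the section headers of a PE image, flags the stock UPX0/UPX1/UPX2 names, and also flags the layout a renamed UPX build leaves behind, namely a first section with SizeOfRawData == 0 but a large VirtualSize (the in-memory unpack destination) followed by a section that does carry raw data (the packed body). The PE images are constructed inline and are not the 371KB sample; the layout rule is a heuristic and can misfire on unrelated binaries.

```python
"""Static UPX-packing heuristic over a PE section table (added example)."""
import struct

UPX_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def build_pe(sections):
    """Construct a minimal PE32 image: DOS stub, PE signature, COFF header,
    zeroed optional header and one 40-byte header per (name, VirtualSize,
    SizeOfRawData) tuple. Enough for header parsers; not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # e_lfanew at 0x3C
    opt_size = 0xE0                                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0, rsize, 0, 0, 0, 0, 0, 0)
        for name, vsize, rsize in sections)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + hdrs


def parse_sections(data):
    """Return [(name, VirtualSize, SizeOfRawData)] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # COFF SizeOfOptionalHeader
    table = e_lfanew + 4 + 20 + opt_size                         # first section header
    out = []
    for i in range(nsec):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return out


def upx_verdict(sections):
    """'upx' for stock section names, 'upx-modified' for the renamed-but-identical
    layout (heuristic), 'none' otherwise."""
    if any(name in UPX_NAMES for name, _, _ in sections):
        return "upx"
    if len(sections) >= 2:
        _, vsize0, rsize0 = sections[0]
        _, _, rsize1 = sections[1]
        if rsize0 == 0 and vsize0 > 0 and rsize1 > 0:
            return "upx-modified"
    return "none"


# Constructed section tables (name, VirtualSize, SizeOfRawData); not from a real sample.
STOCK_UPX = [(b"UPX0", 0x20000, 0), (b"UPX1", 0xD000, 0xC800), (b".rsrc", 0x1000, 0x600)]
RENAMED_UPX = [(b".text", 0x20000, 0), (b".data", 0xD000, 0xC800), (b".rsrc", 0x1000, 0x600)]
PLAIN = [(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400), (b".rsrc", 0x800, 0x800)]

if __name__ == "__main__":
    for label, secs in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, upx_verdict(parse_sections(build_pe(secs))))
```

On a real file, replace `build_pe(...)` with the bytes read from disk; a "upx" or "upx-modified" verdict is a cue to unpack (or run dynamically) before any static string or import analysis, since the packed body hides both.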

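The three behavioural signatures above ("Checks computer location settings", "Accesses Microsoft Outlook accounts", "Suspicious use of SetThreadContext") are the kind of rule a sandbox evaluates over the API trace of the run. The following is an added example, not Triage's signature code: it scores those three behaviours over a constructed, simplified trace. The registry paths it watches (the HKCU Geo\Nation value and the system Nls\Locale key for the country code; the Office `<version>\Outlook\Profiles` and legacy "Windows Messaging Subsystem\Profiles" keys for Outlook accounts), the (pid, api, argument) tuple layout and the `target=<pid>` argument syntax are all assumptions made for illustration. The SetThreadContext rule is written for the process-hollowing pattern that signature usually reflects: a child created CREATE_SUSPENDED, then WriteProcessMemory, SetThreadContext and ResumeThread against it by the same parent.

```python
"""Behavioural signature checks over a sandbox API trace (added example)."""
import re

REG_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegQueryValueExA",
            "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}

# Assumed locations of the configured country code (HKCU geo id, system default locale).
GEO_RE = re.compile(r"control panel\\international\\geo\\nation"
                    r"|control\\nls\\locale", re.I)

# Assumed Outlook profile stores: Office 2013+ per-version key and the legacy MAPI key.
OUTLOOK_RE = re.compile(
    r"\\microsoft\\(office\\\d+\.\d+\\outlook"
    r"|windows nt\\currentversion\\windows messaging subsystem)\\profiles", re.I)

# Order of calls, after a CREATE_SUSPENDED child, that indicates hollowing.
HOLLOW_ORDER = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def checks_location(trace):
    """True if any registry API touched a country-code key."""
    return any(api in REG_APIS and GEO_RE.search(arg) for _, api, arg in trace)


def accesses_outlook(trace):
    """True if any registry API touched an Outlook profile key."""
    return any(api in REG_APIS and OUTLOOK_RE.search(arg) for _, api, arg in trace)


def hollowing_targets(trace):
    """Child pids that were created suspended and then written to, had their
    thread context replaced and were resumed by the same parent, in that order.
    Unrelated calls in between (e.g. NtUnmapViewOfSection) are ignored; a
    SetThreadContext on a target never created suspended does not count."""
    stage = {}   # (parent pid, child pid) -> index of the next expected call
    hits = []
    for pid, api, arg in trace:
        m = re.search(r"target=(\d+)", arg)
        if not m:
            continue
        key = (pid, int(m.group(1)))
        if api in ("CreateProcessA", "CreateProcessW") and "CREATE_SUSPENDED" in arg:
            stage[key] = 0
        elif key in stage and stage[key] < len(HOLLOW_ORDER) and api == HOLLOW_ORDER[stage[key]]:
            stage[key] += 1
            if stage[key] == len(HOLLOW_ORDER):
                hits.append(key[1])
    return hits


def evaluate(trace):
    """Map the report's signature names to a verdict for this trace."""
    return {
        "Checks computer location settings": checks_location(trace),
        "Accesses Microsoft Outlook accounts": accesses_outlook(trace),
        "Suspicious use of SetThreadContext": bool(hollowing_targets(trace)),
    }


# Constructed trace: (calling pid, API, argument string). Not taken from the sample.
SAMPLE_TRACE = [
    (1000, "RegOpenKeyExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo"),
    (1000, "RegQueryValueExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    (1000, "RegOpenKeyExW", r"HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (1000, "CreateProcessW", r"C:\path\to\child.exe flags=CREATE_SUSPENDED target=1234"),
    (1000, "NtUnmapViewOfSection", "target=1234"),
    (1000, "WriteProcessMemory", "target=1234"),
    (1000, "SetThreadContext", "target=1234"),
    (1000, "ResumeThread", "target=1234"),
    (2000, "SetThreadContext", "target=2000"),   # benign: no suspended child involved
]

if __name__ == "__main__":
    for name, hit in evaluate(SAMPLE_TRACE).items():
        print(("HIT  " if hit else "     ") + name)
    print("hollowed pids:", hollowing_targets(SAMPLE_TRACE))
```

The ordering requirement in `hollowing_targets` is what keeps the SetThreadContext rule from firing on debuggers and other legitimate callers; when triaging a real trace, also record which image the suspended child was started from, since the hollowed host is usually a trusted system binary that the stealer's network activity will then appear to come from.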
MITRE ATT&CK Enterprise v6

Tasks