isrstealer | 1db44426b666ece25c1b9341edefb81655a2dac2ea3016a8a4cd868742d1cc0e

General

Target

1db44426b666ece25c1b9341edefb81655a2dac2ea3016a8a4cd868742d1cc0e
Size

346KB
Sample

220612-3qhktabhhj
MD5

b6194b950435323994624b13b5b2fa81
SHA1

5184c10ca0fa22d7881edf3fb2d754f58259c9e0
SHA256

1db44426b666ece25c1b9341edefb81655a2dac2ea3016a8a4cd868742d1cc0e
SHA512

1f79dbdd13d0ddb4f6f7b5701edb61ce0c4bc6cc4ef8f7b206d8a4346063333036b88d6234a23dfad86e3d3040dcf2b129eaa768b33b2e710ad7127e10dce12b

Score

10^/10

Malware Config

Targets

- Target
  
  Demurrage/Demurrage_details.pdf
- Size
  
  581B
- MD5
  
  f9f30e94d038cd056e24dd9dd9c4504d
- SHA1
  
  00b17a0a83a6403bbc4887edbe40772bf5b8297b
- SHA256
  
  f03a7623524727e6473b228d057f59d35e269817c9944151717b91dcfae9fd6a
- SHA512
  
  3d67a00b5cae17ba79acfeda04154610c3de42b55f919ee3c542c8aef0e2b168ad200febfa62f2bddaeab36e41acd1a60d2fe361a37a35989921e9c4bf10e36a
Score

1^/10
behavioral1 behavioral2
- Target
  
  Demurrage/Demurragefees.exe
- Size
  
  762KB
- MD5
  
  1c4dbd755e7ba59d2a4ce457f09f755b
- SHA1
  
  80b81ba84a6a507c241f5a99e34153fab47d3f0b
- SHA256
  
  3848e61897e3fbc185353a109e0de82164d50a00e1c793290ad7cfd53a9807b4
- SHA512
  
  55a509c9a3be54093b13409da0f7720932e5eb9fab3d6322bcdef0755584aff10224bc98b4ae3db68261900e9a56359416cc0cffde429c0d0cf09fdccd07c90d
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer Payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer Payload

NirSoft MailPassView

Nirsoft

Executes dropped EXE

UPX packed file

Loads dropped DLL

Accesses Microsoft Outlook accounts

Drops desktop.ini file(s)

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4