General

  • Target

    3058eb48fda7e64b10a9a95621daf6ee4b2780ba55c955e5ad27c2ffbc13c507

  • Size

    930KB

  • Sample

    220621-ex85cadfg3

  • MD5

    3479f3cffb6f00d4fb600c5884b77144

  • SHA1

    8feca21103e1ff1b45af61f8c94480c53d1dccff

  • SHA256

    3058eb48fda7e64b10a9a95621daf6ee4b2780ba55c955e5ad27c2ffbc13c507

  • SHA512

    473fab47c9c489388dfe896ee9dee129e492323d116ba71ef6ee57c59c2f68c2ce486e8563d55f8284ad8f7b7cf65f1229ddc84bd2ac0eab06936ac08480ba54
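Before acting on a report like this, confirm that the file in hand is the same object the sandbox analysed. The following script is an added example, not part of the report or of the sandbox platform: it recomputes the four digests listed above, compares them case-insensitively against the reported values, and checks the "930KB" size figure with a tolerance, since the report rounds the size and does not say whether KB means 1000 or 1024 bytes (the 1024 default is an assumption).

```python
import hashlib
import os
import sys

# Values copied from the report above. The size is given as "930KB", so it is
# only known to the nearest kilobyte and is checked with a tolerance.
REPORTED = {
    "size_kb": 930,
    "md5": "3479f3cffb6f00d4fb600c5884b77144",
    "sha1": "8feca21103e1ff1b45af61f8c94480c53d1dccff",
    "sha256": "3058eb48fda7e64b10a9a95621daf6ee4b2780ba55c955e5ad27c2ffbc13c507",
    "sha512": "473fab47c9c489388dfe896ee9dee129e492323d116ba71ef6ee57c59c2f68c2"
              "ce486e8563d55f8284ad8f7b7cf65f1229ddc84bd2ac0eab06936ac08480ba54",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests as compute_hashes, but streamed so a large sample is not read into RAM at once."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify_hashes(actual: dict, expected: dict) -> dict:
    """Per-algorithm match result. Compares case-insensitively and only for the
    algorithms the expected set provides (a report may list fewer digests than we compute)."""
    return {
        algo: actual[algo].lower() == expected[algo].lower()
        for algo in ALGORITHMS
        if algo in expected
    }


def size_matches(actual_bytes: int, reported_kb: int, unit: int = 1024) -> bool:
    """True if the on-disk size rounds to the reported kilobyte figure.
    `unit` is an assumption: the report does not define KB, so retry with unit=1000 if this fails."""
    return abs(actual_bytes - reported_kb * unit) <= unit


def check_sample(path: str, expected: dict = REPORTED) -> dict:
    """Verify a file on disk against the report; returns one True/False per check."""
    result = verify_hashes(hash_file(path), expected)
    result["size"] = size_matches(os.path.getsize(path), expected["size_kb"])
    return result


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-sample>
    for name, ok in check_sample(sys.argv[1]).items():
        print(f"{name:7} {'OK' if ok else 'MISMATCH'}")
```

A single mismatching digest means the file is not the one described here, and an MD5 or SHA1 match on its own is not sufficient for that conclusion; prefer the SHA256 (which this report also uses as the target name) or SHA512 comparison.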

Malware Config

Targets

    • Target

      3058eb48fda7e64b10a9a95621daf6ee4b2780ba55c955e5ad27c2ffbc13c507

    • Size

      930KB

    • MD5

      3479f3cffb6f00d4fb600c5884b77144

    • SHA1

      8feca21103e1ff1b45af61f8c94480c53d1dccff

    • SHA256

      3058eb48fda7e64b10a9a95621daf6ee4b2780ba55c955e5ad27c2ffbc13c507

    • SHA512

      473fab47c9c489388dfe896ee9dee129e492323d116ba71ef6ee57c59c2f68c2ce486e8563d55f8284ad8f7b7cf65f1229ddc84bd2ac0eab06936ac08480ba54

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer, written in Visual Basic.

    • ISR Stealer Payload

    • suricata: ET MALWARE ISRStealer Checkin

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread; injectors commonly use it to point a suspended thread at injected code before resuming it.
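The "UPX packed file" signature above covers both stock and modified UPX, and the distinction matters in triage: stock UPX is identifiable from its section names and can simply be unpacked with `upx -d`, while a modified build usually renames the sections and strips the marker string so that only the high entropy of the compressed sections remains as a signal. The script below is an added example and is not the sandbox's own detection logic. It parses the PE section table with the standard library, reports three independent indicators (UPX section names, the `UPX!` marker, and per-section Shannon entropy), and includes a constructed header-only PE builder so the three cases can be exercised offline; the 7.0 bits/byte entropy threshold is an assumption.

```python
import math
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Parse the PE section table; returns [(name, raw_bytes), ...]. Raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                      # IMAGE_FILE_HEADER (20 bytes)
    if len(data) < coff + 20:
        raise ValueError("truncated file header")
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size                             # first IMAGE_SECTION_HEADER (40 bytes each)
    sections = []
    for i in range(num_sections):
        hdr = data[table + i * 40: table + (i + 1) * 40]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", hdr, 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, data[raw_ptr: raw_ptr + raw_size]))
    return sections


def analyze_packing(data: bytes, entropy_threshold: float = 7.0) -> dict:
    """Three independent UPX indicators. Stock UPX leaves its section names and a "UPX!"
    marker; a modified build usually removes both, so section entropy is the fallback signal."""
    sections = pe_sections(data)
    return {
        "upx_section_names": any(name in UPX_SECTION_NAMES for name, _ in sections),
        "upx_marker": b"UPX!" in data,
        "high_entropy_sections": [name for name, raw in sections
                                  if shannon_entropy(raw) >= entropy_threshold],
    }


def build_minimal_pe(sections: list) -> bytes:
    """Constructed test fixture (not a loadable image): MZ stub, PE signature, file header with
    no optional header, then one section header and raw payload per (name, payload) pair."""
    e_lfanew = 0x40
    table = e_lfanew + 4 + 20
    raw_ptr = table + 40 * len(sections)
    out = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew) + b"PE\0\0"
    out += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    payload = b""
    for name, raw in sections:
        out += name.encode("ascii").ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(raw), 0x1000, len(raw), raw_ptr + len(payload), 0, 0, 0, 0, 0x60000020)
        payload += raw
    return out + payload


if __name__ == "__main__":
    # Constructed samples: bytes(range(256)) * 8 has exactly 8 bits/byte of entropy.
    stock = build_minimal_pe([("UPX0", b""), ("UPX1", bytes(range(256)) * 8)])
    modified = build_minimal_pe([(".text", bytes(range(256)) * 8), (".rsrc", b"\0" * 64)])
    plain = build_minimal_pe([(".text", b"\x90" * 512), (".data", b"A" * 64)])
    for label, sample in (("stock UPX", stock), ("modified UPX", modified), ("unpacked", plain)):
        print(label, analyze_packing(sample))
```

Treat the entropy indicator as a lead, not a verdict: encrypted resources, embedded archives and certificates also produce high-entropy sections, and a packer can pad its output to lower the score. When the name check fires, `upx -d` on a copy of the sample is the quickest way to get at the ISR Stealer payload the report refers to; when only the entropy indicator fires, plan on dumping the unpacked image from memory instead.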

MITRE ATT&CK Enterprise v6

Tasks