General

  • Target

    4b4df849759c4377308e8126e7baee0bf0384fed2dfe03e9273f7cc9069c5b68

  • Size

    426KB

  • Sample

    220712-psk7tsdah8

  • MD5

    0c126915720c2dfabaa824598a7aa0c6

  • SHA1

    777c3fdb4c8f7572687cb107040103e796996849

  • SHA256

    4b4df849759c4377308e8126e7baee0bf0384fed2dfe03e9273f7cc9069c5b68

  • SHA512

    254bfdcb8465f01d3b321a2c5ef347f41f9c4f2e822fb9d64fc1263aa39c65d7cdbdb62c897ad4057cc6ce103959020eeb8a638c536528a9cf2b94f0935fe18e

Malware Config

Targets

    • Target

      4b4df849759c4377308e8126e7baee0bf0384fed2dfe03e9273f7cc9069c5b68

    • Size

      426KB

    • MD5

      0c126915720c2dfabaa824598a7aa0c6

    • SHA1

      777c3fdb4c8f7572687cb107040103e796996849

    • SHA256

      4b4df849759c4377308e8126e7baee0bf0384fed2dfe03e9273f7cc9069c5b68

    • SHA512

      254bfdcb8465f01d3b321a2c5ef347f41f9c4f2e822fb9d64fc1263aa39c65d7cdbdb62c897ad4057cc6ce103959020eeb8a638c536528a9cf2b94f0935fe18e

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks