General

  • Target

    46c793e8906a8e947c7568b0f89da56679295439ae4572154a54b6d159e4f4cf

  • Size

    472KB

  • Sample

    220919-dgbngahchk

  • MD5

    5d8aceb734896b239682999bb43863c8

  • SHA1

    5b57caba37f2da148f0ca629ed67312d48ee1323

  • SHA256

    46c793e8906a8e947c7568b0f89da56679295439ae4572154a54b6d159e4f4cf

  • SHA512

    0c38d21a65662bf22f6b0f5154a42fd3b5cf7d060a4ce692b20538a5a51b02f530324c3c510184c1190a2c35a12fb25b1610d9ac489bb6805d54b59852974699

  • SSDEEP

    6144:+RbhDcHAscH3/wIHzeybjrHztun2qF46Cn6LqU0jM68y1o+XO2U8:xHAX1HzprHztueH6LqkI1o+o

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer, written in Visual Basic.

    • ISR Stealer payload

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks