Overview

overview

10

Static

static

5

2b0869ed13...80.exe

windows7-x64

10

2b0869ed13...80.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2b0869ed13928d6b584dbefa2e15faa1fd377f93d4ef31a187e468ca432a6380

  • Size

    1.7MB

  • Sample

    220919-elt62sbcgp

  • MD5

    9068cdecf8eb0c742708d88e3a4094ec

  • SHA1

    c1132523dc959449f444e337c62d96dfd7f8ebb6

  • SHA256

    2b0869ed13928d6b584dbefa2e15faa1fd377f93d4ef31a187e468ca432a6380

  • SHA512

    d7793a3ea008023bc25a4c6485e4178aae9f95fbf367c5044a939e9356c8911e9309c99c643b7566f5d426cc9b99d05f11f4aba71447afedd35e474558af4745

  • SSDEEP

    24576:DRmJkcoQricOIQxiZY1iaWQ6h8Q/7fBQFKr0iiH0sUyNHtv4au9VicGrovOLDB3K:wJZoQrbTFZY1ia94BpxiH00vACLL9O3L

Score
10/10
isrstealercollectionpersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      2b0869ed13928d6b584dbefa2e15faa1fd377f93d4ef31a187e468ca432a6380

    • Size

      1.7MB

    • MD5

      9068cdecf8eb0c742708d88e3a4094ec

    • SHA1

      c1132523dc959449f444e337c62d96dfd7f8ebb6

    • SHA256

      2b0869ed13928d6b584dbefa2e15faa1fd377f93d4ef31a187e468ca432a6380

    • SHA512

      d7793a3ea008023bc25a4c6485e4178aae9f95fbf367c5044a939e9356c8911e9309c99c643b7566f5d426cc9b99d05f11f4aba71447afedd35e474558af4745

    • SSDEEP

      24576:DRmJkcoQricOIQxiZY1iaWQ6h8Q/7fBQFKr0iiH0sUyNHtv4au9VicGrovOLDB3K:wJZoQrbTFZY1ia94BpxiH00vACLL9O3L

    Score
    10/10
    isrstealercollectionpersistencespywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks