General

  • Target

    4417e1a32e2bd681dd94077a12464d2d27efdc64fa219021fffa1b704eea5512

  • Size

    385KB

  • Sample

    221001-3w2kwadhaj

  • MD5

    8d03ddeb4a45cc5cf864f732c098b0b6

  • SHA1

    b1e49e2ef7991bbe5dfc659b081eee6d01e6984e

  • SHA256

    4417e1a32e2bd681dd94077a12464d2d27efdc64fa219021fffa1b704eea5512

  • SHA512

    1f65903cee3bba83f7729d5beab07302e0d12021343578b85586704e68bf22ffe630bf6d6690ff1be8ff74b3389431a858b90d2093f4e76e42146de694c61594

  • SSDEEP

    6144:qb7oxSwhH71/raQi87rDOzpRC/d/+hPH2mdIaWTshmQ2xJ/lyFjP0m:GoxFhh/ramnGpY/dGhPH2+WTeb

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
