General

  • Target

    e9aa538880b28eaf56908bf44eb2d0db6690c9588224d68fc7f7ed50cb2022c0

  • Size

    428KB

  • Sample

    221011-rzn86saag8

  • MD5

    4ee385fa9e0f5e74edd7ea0d934c910e

  • SHA1

    c36832e47c5b567019709ac3dc7bb661b9805096

  • SHA256

    e9aa538880b28eaf56908bf44eb2d0db6690c9588224d68fc7f7ed50cb2022c0

  • SHA512

    914c7237ff0698440de85483bb85fdade779b2368714c9e5b174c09710a323e218996deb14b49e0124b1fd6ffd62de966f6f6364a37705bc33030ba842559e93

  • SSDEEP

    12288:MuV2Qf1qkkAucZSvfooQZPPL2w07O5IISjQXEzw6o9GjE9cgd:bHYjcZSvjmqw06O3Q0MCE9cgd

Malware Config

Targets

    • Target

      e9aa538880b28eaf56908bf44eb2d0db6690c9588224d68fc7f7ed50cb2022c0

    • Size

      428KB

    • MD5

      4ee385fa9e0f5e74edd7ea0d934c910e

    • SHA1

      c36832e47c5b567019709ac3dc7bb661b9805096

    • SHA256

      e9aa538880b28eaf56908bf44eb2d0db6690c9588224d68fc7f7ed50cb2022c0

    • SHA512

      914c7237ff0698440de85483bb85fdade779b2368714c9e5b174c09710a323e218996deb14b49e0124b1fd6ffd62de966f6f6364a37705bc33030ba842559e93

    • SSDEEP

      12288:MuV2Qf1qkkAucZSvfooQZPPL2w07O5IISjQXEzw6o9GjE9cgd:bHYjcZSvjmqw06O3Q0MCE9cgd

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks