General

  • Target

    e264f8835236ba69a65ee098b5b55db60b258e130720521ee2f87edaa412c525

  • Size

    649KB

  • Sample

    221011-v4n1raffc3

  • MD5

    65001e6d6cf125d88f272c004aabfbd0

  • SHA1

    7710729d91acc8f935e1246db107ff8aa122bb34

  • SHA256

    e264f8835236ba69a65ee098b5b55db60b258e130720521ee2f87edaa412c525

  • SHA512

    b19e1e366c1a5c6aca686f80eeaeb56af7b642b8ffa1c29ad18cf3168373a929deee7af9c3ed7e82870f32771d76cffb09e821b3a2067b584bc82637365d9fee

  • SSDEEP

    12288:16HAJpG7zGyB3KnlvwLI3hKkxa0mUW+sl7HowPm1n0ix3XqGt:16AM7zGqKJwLI3V2IOc1rhp

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/
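The hash values and extracted C2 URLs above are only useful once they are validated and turned into something a detection stack can consume. The following Python is an added example for this report, not part of the sandbox output: it checks that each report hash is well-formed hex of the right length, confirms whether a file on disk matches every report hash, splits the SSDEEP digest into its block size and chunks, and reduces the C2 list to a de-duplicated host blocklist, distinguishing the raw IP from the domains. Only the standard library is used; the values are copied from the report.

```python
"""Validate the report's hashes and turn the extracted Sality C2 list into
host-level indicators. Added example for this report; standard library only."""
import hashlib
import ipaddress
import re
from urllib.parse import urlsplit

# Values copied from the report above.
REPORT_HASHES = {
    "md5": "65001e6d6cf125d88f272c004aabfbd0",
    "sha1": "7710729d91acc8f935e1246db107ff8aa122bb34",
    "sha256": "e264f8835236ba69a65ee098b5b55db60b258e130720521ee2f87edaa412c525",
    "sha512": "b19e1e366c1a5c6aca686f80eeaeb56af7b642b8ffa1c29ad18cf3168373a929"
              "deee7af9c3ed7e82870f32771d76cffb09e821b3a2067b584bc82637365d9fee",
}
REPORT_SSDEEP = "12288:16HAJpG7zGyB3KnlvwLI3hKkxa0mUW+sl7HowPm1n0ix3XqGt:16AM7zGqKJwLI3V2IOc1rhp"
REPORT_C2 = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]

# Expected hex-digest length per algorithm; a report value of the wrong
# length is a transcription error, not an indicator.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Return the algorithms whose value is not lowercase hex of the right length."""
    return [algo for algo, value in hashes.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], value)]


def hash_matches(data, hashes):
    """True only if the file content agrees with every algorithm in `hashes`."""
    return all(hashlib.new(algo, data).hexdigest() == value
               for algo, value in hashes.items())


def parse_ssdeep(digest):
    """Split an ssdeep digest into (block_size, chunk, double_chunk)."""
    block_size, chunk, double_chunk = digest.split(":", 2)
    return int(block_size), chunk, double_chunk


def c2_indicators(urls):
    """One record per C2 URL: host, whether the host is an IP literal, and the path."""
    records = []
    for url in urls:
        parts = urlsplit(url)
        host = parts.hostname
        try:
            ipaddress.ip_address(host)
            is_ip = True
        except ValueError:
            is_ip = False
        records.append({"url": url, "host": host, "is_ip": is_ip, "path": parts.path})
    return records


def blocklist(urls):
    """Sorted, de-duplicated hosts for a DNS sinkhole or firewall rule."""
    return sorted({r["host"] for r in c2_indicators(urls)})


if __name__ == "__main__":
    print("malformed hashes:", validate_hashes(REPORT_HASHES))
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
    for host in blocklist(REPORT_C2):
        print("block", host)
```

To check a quarantined file, read it as bytes and pass it to hash_matches together with REPORT_HASHES; a partial match (for example MD5 agrees but SHA256 does not) means the stored value was mistranscribed and should be corrected rather than trusted. The ssdeep block size (12288 here) only makes fuzzy comparison meaningful against digests with the same or adjacent block size, so keep it alongside the chunks when storing the indicator.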

Targets

    • Target

      e264f8835236ba69a65ee098b5b55db60b258e130720521ee2f87edaa412c525


    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Modifies firewall policy service

    • Sality

      Sality is a file-infecting backdoor written in C++, first discovered in 2003.

    • UAC bypass

    • Windows security bypass

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • NirSoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Windows security modification

    • Accesses Microsoft Outlook accounts

    • Checks whether UAC is enabled

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Suspicious use of SetThreadContext
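The "Drops autorun.inf file" signature above describes the propagation path a responder has to check on every removable volume that touched an infected host. The Python below is an added example, not part of the sandbox output and not the autorun.inf this sample writes: it parses an INI-style autorun.inf the way Windows reads it (case-insensitive keys, duplicates kept, comments ignored), lists every key that would launch a file, and flags the common disguise of presenting the volume as an ordinary folder. The sample file content is constructed for the example.

```python
"""Triage an autorun.inf from a removable volume: report every launch entry
and whether the drive is disguised as a folder. Added example; the sample
content below is constructed and is not the file written by this malware."""
import re

# Constructed sample of a worm-style autorun.inf.
SAMPLE_AUTORUN = r"""[autorun]
; constructed example, not the file written by this sample
open=RECYCLER\loader.exe
shell\open\command=RECYCLER\loader.exe -autorun
shellexecute=RECYCLER\loader.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
label=Removable Disk
"""

# Keys that make Explorer execute something when the volume is mounted or
# double-clicked, and the file types that matter when they do.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}
EXEC_EXT = re.compile(r"\.(exe|scr|com|pif|bat|cmd|vbs|js|dll)\b", re.IGNORECASE)


def parse_autorun(text):
    """Return {section: [(key, value), ...]} keeping duplicate keys and order.
    Keys are lowercased because Windows treats them case-insensitively."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def triage_autorun(text):
    """Findings a responder cares about: each launch key, its target, whether
    the target is an executable type, and whether the drive is disguised."""
    autorun = parse_autorun(text).get("autorun", [])
    launches = []
    for key, value in autorun:
        if key in LAUNCH_KEYS:
            target = value.split()[0] if value else ""
            launches.append({
                "key": key,
                "target": target,
                "executable": bool(EXEC_EXT.search(target)),
            })
    # A folder icon from shell32.dll plus an "open folder" action is the
    # classic trick for making the infected volume look harmless.
    disguised = (any(k == "action" and "folder" in v.lower() for k, v in autorun)
                 or any(k == "icon" and "shell32.dll" in v.lower() for k, v in autorun))
    return {"launches": launches, "disguised_as_folder": disguised}


def launch_targets(text):
    """Unique (lowercased) paths that would execute from this volume."""
    return sorted({f["target"].lower() for f in triage_autorun(text)["launches"]})


if __name__ == "__main__":
    result = triage_autorun(SAMPLE_AUTORUN)
    for f in result["launches"]:
        print(f"{f['key']:20} -> {f['target']} (executable={f['executable']})")
    print("disguised as folder:", result["disguised_as_folder"])
```

Every path returned by launch_targets should be collected from the volume for hashing against the report values before the drive is wiped. Note that on Windows 7 and later (and on patched Vista/XP) AutoRun is disabled for non-optical removable media, so the file only executes automatically on unpatched legacy systems; on current systems the risk is a user double-clicking the disguised drive icon, which is why the disguise flag is reported alongside the launch entries.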

MITRE ATT&CK Enterprise v6

Tasks