General

  • Target

    8600ba5fe6af2bb5f70e162bf22e34bf558a2dd9820ba50e2e5e2cdf71c3e5f4

  • Size

    732KB

  • Sample

    221029-arax5sdeb2

  • MD5

    0c0d93d9f6bdf6d06f2f5365bfce847f

  • SHA1

    14ce91343363e99b28b66a459dcf22daccd3ec55

  • SHA256

    8600ba5fe6af2bb5f70e162bf22e34bf558a2dd9820ba50e2e5e2cdf71c3e5f4

  • SHA512

    56817e714e9b051ee0577a69b21804548aaf868603d55ce845268e8b1b77c5b77a2ffee0bdbe3064af05f7d12611bef081dc7eb20e38858700dfba1fbf25db6b

  • SSDEEP

    12288:iGKeZUuWhwjwZbwd1WT9uUY+N32aGvUpRMguefuOl7dlEm:fHuuGwdoTbBAWcyvEm

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
