General

  • Target

    06cb94e9ad2dd63879efa4348562618c7a452be23ba9c027f10494f6ccd06b0b

  • Size

    442KB

  • Sample

    221029-qq749ahah2

  • MD5

    e9f284da93d2882046600352d5ecaff3

  • SHA1

    2ea6afa2298e4e5141d55ec2cc9e8b912f878d4c

  • SHA256

    06cb94e9ad2dd63879efa4348562618c7a452be23ba9c027f10494f6ccd06b0b

  • SHA512

    b4c5ef7033a33e789772dc8d3a4c0dff8f9957f49f2f9d11a5ae6bd343986dfb9f228c3b7639f3f2eff38913d085b969292ceb961980d01cff7620c6293979c9

  • SSDEEP

    6144:AyYJ+i8vz8qcuA7eIofcQhmx7/pJ5xqNbWxi0HHvgmni:AB+i8rjSeJUQhmVHqNbU

Targets

    • Target

      06cb94e9ad2dd63879efa4348562618c7a452be23ba9c027f10494f6ccd06b0b

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
