General

  • Target

    67a572628783d938e92197ee95b706633f0c32719109f5bde8622a33e934d619

  • Size

    899KB

  • Sample

    221106-l3hmxahbbm

  • MD5

    21754d03fc630d0941e6274fdb3bab17

  • SHA1

    5c8f1db48fcd279769971517061386fb6bdefe78

  • SHA256

    67a572628783d938e92197ee95b706633f0c32719109f5bde8622a33e934d619

  • SHA512

    c92c470054fb5967cde5fc1fa1926f057738bc5508f7271af31ac828191213fab12616a136cf5a8ffa272102d17db34b98c51f7cc743fddf33c2da4c5283c412

  • SSDEEP

    12288:kRWNcr8oxnOS90QbJa6QE/rI+D00FsG0B3mgDnDK23nwAklwGgG0rWl6VIE2bSqV:/NBIO0/LIV0KG0BWOnDdn/kl4BrrF2fV

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks