General

  • Target

    abc85701a272392c419cad7b04d5167cc40948f629967a4d782e5d265249b5ea

  • Size

    340KB

  • Sample

    221119-hm96fahd96

  • MD5

    44a449ffdc8c450730e9d097425474a0

  • SHA1

    fd67e32c19695accdd2be5c240b29db921d5b942

  • SHA256

    abc85701a272392c419cad7b04d5167cc40948f629967a4d782e5d265249b5ea

  • SHA512

    38170832b6c13147d221643cbaf0049b12fbbca96b65eb1816df404d5c92ec4efee8e12ed934890ac6f2e3e03fc2b1bfc7d810f4837172772991b85ef80aca3d

  • SSDEEP

    6144:I5YEFGknycyAwrjpdgRCc32rmSz5bb0PEwI7QRKuE0Y1Cv:I5dRnyNPjpda72rm+/08SRKH0d

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops startup file

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
