General

  • Target

    a3b3db39a3f9f5b28ed6e27f18c0ae7c1dafb1353d3698279bc3e46c8bc1124a

  • Size

    1.1MB

  • Sample

    221123-lwwk7acd88

  • MD5

    018241640ae3cf3433590e6edd6816c7

  • SHA1

    f8c70938a4bcb28530161d53f3e9732f1f14d2d2

  • SHA256

    a3b3db39a3f9f5b28ed6e27f18c0ae7c1dafb1353d3698279bc3e46c8bc1124a

  • SHA512

    9d8541e33446c2e12a177d46cacf262c749225df31ca65360605826094eafa3b8c2eee583b511b432e90799c722626d27f1cb71108000cbfdbb8c300e9bc9bf8

  • SSDEEP

    24576:8RmJkqoQrilOIQ+yMxGaCAK0SQOb/yIwhCtS:tJXoQryTiMxGaCLOOb/yhQS

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
