General

  • Target

    f356de0347d6efa811f74d0b4d4829f7a00afba2d00bd6735306154be886f8a6

  • Size

    3.3MB

  • Sample

    221125-1adwksbb2v

  • MD5

    e6ff41d913591b04ce0ad97a7b854b51

  • SHA1

    ecc2d19be7ca8a93f4c958470b34104201a60b6e

  • SHA256

    f356de0347d6efa811f74d0b4d4829f7a00afba2d00bd6735306154be886f8a6

  • SHA512

    6f460900a66f1389a898abce8646cd9c871f9ac5416ccf85dbda52aaf05111bf2e9799d0ccc491fa851541e763bbb8728cecd53f906af813761974fbe270ac1f

  • SSDEEP

    98304:2AREbO04pSznYO3a6FJ4KNtNyG+bjH0Qa:DDMba+JHN/J80Qa

Targets

    • Target

      Full Version Softwares Free Download.url

    • Size

      127B

    • MD5

      e9d782b636146a560d41b6de63c5f045

    • SHA1

      e7605f15e31922feda062c877852ae01c50fd402

    • SHA256

      7e4e3877070041511fa39752edd3f878a69fe7f03ccc8ad293236b881476fcd8

    • SHA512

      fce982c3f60677a823ee2d7f1537ea358bddc32e0d905c5c66a447e8b85e1b9613df9e62497ef64b010d91945c2bffcf85f504d5a866e7ad8348059696f7e3bf

    • Score

      1/10

    • Target

      RAR.Password.Unlocker.v4.2.0.0.Cracked-softwarespro.com/Full Version Softwares Free Download.url

    • Size

      127B

    • MD5

      e9d782b636146a560d41b6de63c5f045

    • SHA1

      e7605f15e31922feda062c877852ae01c50fd402

    • SHA256

      7e4e3877070041511fa39752edd3f878a69fe7f03ccc8ad293236b881476fcd8

    • SHA512

      fce982c3f60677a823ee2d7f1537ea358bddc32e0d905c5c66a447e8b85e1b9613df9e62497ef64b010d91945c2bffcf85f504d5a866e7ad8348059696f7e3bf

    • Score

      1/10

    • Target

      RAR.Password.Unlocker.v4.2.0.0.Cracked-softwarespro.com/rar_password_unlocker_Cracked.exe

    • Size

      3.3MB

    • MD5

      4b7288cc3f26ddaf43922439cd27bfef

    • SHA1

      527d6c33a0abdbec2e49836b68cc969c5a149e1d

    • SHA256

      5ff13c3b1e49b4736062059d640dd618c15a64155b4f07eb9ebb3cb8326ec1e0

    • SHA512

      6a8c4901cbcf73cee31609a64b02db258989202fd9afb523612d9ad32669a58f4b665744f26aa6af57981a19921b3f53bc8f7a017abfd765ba47a05c75866175

    • SSDEEP

      98304:a7y1Oyo1ghVwkHO6xNqcp9RccMFa+TgcXc9:4GFOMNlpXlz8gcM

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext
