General
-
Target
9fcd4df3eb1eb91f331faf46c53a1bf3d5101abbbbee5a3fe814e8b52446d7c5
-
Size
440KB
-
Sample
221125-vj7x5abg89
-
MD5
084e8f48e5ed5618f417450caea89bc5
-
SHA1
c21b38cdc23b66581c4f29717e0aa73cbc511943
-
SHA256
9fcd4df3eb1eb91f331faf46c53a1bf3d5101abbbbee5a3fe814e8b52446d7c5
-
SHA512
448d794289a6b2ac1ee7fede792dbc8095938612aa143f84d9f711f6931a9b24e371521a84c0d7bece56547ca1d6dffa1bb852ccf7cfac5ddacf0f0a503d2ef1
-
SSDEEP
12288:LYXihJQMcK0Ayuc2Ty0vrV4Q/tgJ9JSp5R+XysB:X+MZFv51qa5cX
Static task
static1
Behavioral task
behavioral1
Sample
9fcd4df3eb1eb91f331faf46c53a1bf3d5101abbbbee5a3fe814e8b52446d7c5.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
9fcd4df3eb1eb91f331faf46c53a1bf3d5101abbbbee5a3fe814e8b52446d7c5.exe
Resource
win10v2004-20220901-en
Malware Config
Targets
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-