Overview

overview

10

Static

static

966c8b6ae0...85.exe

windows7-x64

10

966c8b6ae0...85.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585

  • Size

    420KB

  • Sample

    221125-vj93gsfa61

  • MD5

    e774bca504985440420fe73b75dc00cc

  • SHA1

    368fa03327594d06b8e421b74b1de49bf0780de9

  • SHA256

    966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585

  • SHA512

    245416bdff73f6d133ecd33d514a77ce1e9ab88226dcb731581bae923d1c1feab66a5364e3670b91d4840e5b80771cd551d632c6c200b002153bce3164381761

  • SSDEEP

    6144:D/VmalBrqaKxs+j26ld4h6LpNkVTqgL4/YitLJuTtnQoniQGZpvIszTuoFZL:RmOHK9KVTqgLaYitLUTyNQo1Tuo

Score
10/10
isrstealercollectionpersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585

    • Size

      420KB

    • MD5

      e774bca504985440420fe73b75dc00cc

    • SHA1

      368fa03327594d06b8e421b74b1de49bf0780de9

    • SHA256

      966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585

    • SHA512

      245416bdff73f6d133ecd33d514a77ce1e9ab88226dcb731581bae923d1c1feab66a5364e3670b91d4840e5b80771cd551d632c6c200b002153bce3164381761

    • SSDEEP

      6144:D/VmalBrqaKxs+j26ld4h6LpNkVTqgL4/YitLJuTtnQoniQGZpvIszTuoFZL:RmOHK9KVTqgLaYitLUTyNQo1Tuo

    Score
    10/10
    isrstealercollectionpersistencespywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks