General

  • Target

    92810bfa22f1d71451860ab5ca81931a9e77218e89020e207438e19aa387840f

  • Size

    1012KB

  • Sample

    221128-v7wvrsch36

  • MD5

    98d0000c28ed30d94374762113976b75

  • SHA1

    60ceb509382e6309855d32cfcc99b34d782bd083

  • SHA256

    92810bfa22f1d71451860ab5ca81931a9e77218e89020e207438e19aa387840f

  • SHA512

    c1f3586a7b79c74de0b3ea7eb6d13c925d98655491ce043a9db56feef80c9b40e29f86b9e8d3e94328fc6c51722dc91e4e93b37beb15be97a4bbe8842f7ff1fa

  • SSDEEP

    24576:2vzgO5yKsUaSuErRWNoEb0RkxFdtBNN57:zO5jGErsNrcc75

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting (T1064): 1

  • Defense Evasion

    Scripting (T1064): 1

  • Collection

    Email Collection (T1114): 1

Tasks