General

  • Target

    0c328b00fd4cad09fafcacfb8fa6d5c4d93368a4f4d5447761750277dc008282

  • Size

    1012KB

  • Sample

    221128-w19zgsfc88

  • MD5

    8807ef7bf3e5259c6ce9cb1eb168c77b

  • SHA1

    d44898854fbacacba34f064d57c4fa88223a6747

  • SHA256

    0c328b00fd4cad09fafcacfb8fa6d5c4d93368a4f4d5447761750277dc008282

  • SHA512

    756ce8d1db71e0c15c77521357b631f7ad7e79b465b3d34c9c9e7bc5d57404740c07bc0db9fea29d5b0e6131f23e41ffa9531c5e902bd8a5e611743fb74d5b66

  • SSDEEP

    24576:Q6gh1zkTrXaiSjhbEngC8v48ZKSUL3hxG1K0gDzfTvTB0UJk4u4Qz5/CmWLX7U:rQniSjhbEgCcZKpdv9VW40zVUL

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scripting (1) T1064

  • Defense Evasion: Scripting (1) T1064

  • Collection: Email Collection (1) T1114

Tasks