General

  • Target

    d1ae621a5ae448b701a5851ceed40a62af5182e38ebf806ee771cb3f2f272f56

  • Size

    354KB

  • Sample

    221129-n4mz5aae4t

  • MD5

    b2ec0902adba3b24f3131e158e1ba8a0

  • SHA1

    7251fc7a660ea55e91075c4ded01dd7281454924

  • SHA256

    d1ae621a5ae448b701a5851ceed40a62af5182e38ebf806ee771cb3f2f272f56

  • SHA512

    91f43c8121a0a19703bcfb281b4c21f8075c15efc439b99d44e72755e06337a84f5ebd4e63623af48bbc45e4a7ccffbe0cc6913798a272da63e195d74a2412ea

  • SSDEEP

    6144:o5Iq92w/FkXj4YigClM7pSXtQW6q8fPLkFqqmdkh8uQ549rn3p8l0:oNNeT4UCKpS9QU8wFqsLl998l

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Nirsoft

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext
