Overview

overview

10

Static

static

aeabb18d64...6b.exe

windows7-x64

10

aeabb18d64...6b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aeabb18d64466d00561d4ab395b38779badd9af7e8717c786f4f3c9b5642626b

  • Size

    23.5MB

  • Sample

    221201-pbnxdseh73

  • MD5

    e17a7c4417c086c76088a9f7137a6f19

  • SHA1

    e7b0eee920e93afe87d1335f643315870433b453

  • SHA256

    aeabb18d64466d00561d4ab395b38779badd9af7e8717c786f4f3c9b5642626b

  • SHA512

    c3847724164c84a4018a1c2dedbe121b400d8fa595d103707fee9984973a4d2f63e70e8cbf089abdc27b0cf49c40a6f20102faef4d7669a7be2af5057aed6942

  • SSDEEP

    393216:8CEqpFV8IdKGi/EJs/9SYN7vO6Nqsx2tYeA7+l8vjhAD6UAvt7c902kMdi0e6Vlg:91XkEJvYNF8sxQYX6C13t7ca2dXpSw8p

Score
10/10
isrstealercollectionspywarestealertrojanupx

Malware Config

Targets

    • Target

      aeabb18d64466d00561d4ab395b38779badd9af7e8717c786f4f3c9b5642626b

    • Size

      23.5MB

    • MD5

      e17a7c4417c086c76088a9f7137a6f19

    • SHA1

      e7b0eee920e93afe87d1335f643315870433b453

    • SHA256

      aeabb18d64466d00561d4ab395b38779badd9af7e8717c786f4f3c9b5642626b

    • SHA512

      c3847724164c84a4018a1c2dedbe121b400d8fa595d103707fee9984973a4d2f63e70e8cbf089abdc27b0cf49c40a6f20102faef4d7669a7be2af5057aed6942

    • SSDEEP

      393216:8CEqpFV8IdKGi/EJs/9SYN7vO6Nqsx2tYeA7+l8vjhAD6UAvt7c902kMdi0e6Vlg:91XkEJvYNF8sxQYX6C13t7ca2dXpSw8p

    Score
    10/10
    isrstealercollectionspywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook accounts

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks