General

  • Target

    fd8aea8afeba8a171afc6b81a9c0a418be0b90c7a8cffccb3f1712333377191a

  • Size

    2.2MB

  • Sample

    221201-s87mjsdc82

  • MD5

    306e9be63813dcd81bc3a74871f0a665

  • SHA1

    900848f008d7bcac739b63899821778ce7c13e0f

  • SHA256

    fd8aea8afeba8a171afc6b81a9c0a418be0b90c7a8cffccb3f1712333377191a

  • SHA512

    500431564a290b4500b1a175dbab5d2c50fcea8a93aca1d91bf0658ffc3402134a2fad1820d979f8c2ba2aa9c51519f771d9d64ad45f6147f0d6cf8e0ef36527

  • SSDEEP

    49152:TSxosGgMLBfPxuvwvbTzzNNeICqMCF9g8yUyPzeljVJb6nHAiBvfP:TSx3GggBg4vHPNNBCqM+bv8CLfiBf

Targets

    • Target

      fd8aea8afeba8a171afc6b81a9c0a418be0b90c7a8cffccb3f1712333377191a

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
