General

  • Target

    Halkbank,pdf.exe

  • Size

    774KB

  • Sample

    231012-h4k8msff65

  • MD5

    9b2179379bb6e1db0736ff6f0d1802d7

  • SHA1

    05224683315e5bd369459a0261627f04e2e49c31

  • SHA256

    78dda119ddc3b77095009f357809e3451bb897e51053601b1088ae5c61949097

  • SHA512

    430ad61a637fb5d315a94d753f73aabe3d25fa1cc25673fde71e88b730527c089c46b117d6dfaed84b760b0c6a6aa9729f17ec3b56e74338be0898a848388d09

  • SSDEEP

    12288:NGDOji83jDZJ0CbJOOBgVIjPLPEZkckxpG1QcA3HxiffSogx8E9k8BJQ:wCF3j9GeJOVVIjTxlL3AffSoU8+k8o

Malware Config

Targets

    • Target

      Halkbank,pdf.exe

    • Size

      774KB

    • MD5

      9b2179379bb6e1db0736ff6f0d1802d7

    • SHA1

      05224683315e5bd369459a0261627f04e2e49c31

    • SHA256

      78dda119ddc3b77095009f357809e3451bb897e51053601b1088ae5c61949097

    • SHA512

      430ad61a637fb5d315a94d753f73aabe3d25fa1cc25673fde71e88b730527c089c46b117d6dfaed84b760b0c6a6aa9729f17ec3b56e74338be0898a848388d09

    • SSDEEP

      12288:NGDOji83jDZJ0CbJOOBgVIjPLPEZkckxpG1QcA3HxiffSogx8E9k8BJQ:wCF3j9GeJOVVIjTxlL3AffSoU8+k8o

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients.

    • Nirsoft

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks