Overview

overview

10

Static

static

3

a99b1e4822...0f.exe

windows7-x64

10

a99b1e4822...0f.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a99b1e48221b678c4da6621cc645bf0f

  • Size

    697KB

  • Sample

    231227-jrpwqsdehp

  • MD5

    a99b1e48221b678c4da6621cc645bf0f

  • SHA1

    abbf4d11dc1ea12cdb96a13ac3fb9c7978dc078b

  • SHA256

    1ea24c494567b22d017f86556288372e708d7cfacd45472aa45568bd5102b271

  • SHA512

    ac15d68dfdc70224c698bd5515c60425d4ea202853e9504382ce950e31fa89213d132bac8cca8eec60d298ba20c6fdfb458b72450185a1b5d1e5f1fe9a0d86aa

  • SSDEEP

    12288:tirqB1AG3coGYUoQdqqJ6/uxOuMve/VOPhfFDwYl2vzcBtMmcRpaBtDnegA+G9bp:IM1AGcoktdqX/u/kPNF9lkHmWaBtn2bp

Score
10/10
isrstealercollectionspywarestealertrojanupx

Malware Config

Targets

    • Target

      a99b1e48221b678c4da6621cc645bf0f

    • Size

      697KB

    • MD5

      a99b1e48221b678c4da6621cc645bf0f

    • SHA1

      abbf4d11dc1ea12cdb96a13ac3fb9c7978dc078b

    • SHA256

      1ea24c494567b22d017f86556288372e708d7cfacd45472aa45568bd5102b271

    • SHA512

      ac15d68dfdc70224c698bd5515c60425d4ea202853e9504382ce950e31fa89213d132bac8cca8eec60d298ba20c6fdfb458b72450185a1b5d1e5f1fe9a0d86aa

    • SSDEEP

      12288:tirqB1AG3coGYUoQdqqJ6/uxOuMve/VOPhfFDwYl2vzcBtMmcRpaBtDnegA+G9bp:IM1AGcoktdqX/u/kPNF9lkHmWaBtn2bp

    Score
    10/10
    isrstealercollectionspywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses Microsoft Outlook accounts

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks