General

  • Target

    c4d20a36d9f0e1ca758818b3be981779

  • Size

    606KB

  • Sample

    240313-dmr8eadc96

  • MD5

    c4d20a36d9f0e1ca758818b3be981779

  • SHA1

    2d55fcb91c41aa7d63f240fc1c5a49c919cc4487

  • SHA256

    1fbf779d7f1d4dfe9cd3f7c84c6e5763bb77530acc11732563e7abaeaba65a93

  • SHA512

    e926955240c20b52d885a3471bd422cf0903e49260595419cdef1851676539b84379c1a6959a8ef9452352035f443052886d0a10c913da91824a0a0ae5e77ffe

  • SSDEEP

    12288:DrVRbtxoNY4psjC6bswqW4jV//1iVs9odGn:DrFuJVMFMie9odO

Malware Config

Targets

    • Target

      c4d20a36d9f0e1ca758818b3be981779

    • Size

      606KB

    • MD5

      c4d20a36d9f0e1ca758818b3be981779

    • SHA1

      2d55fcb91c41aa7d63f240fc1c5a49c919cc4487

    • SHA256

      1fbf779d7f1d4dfe9cd3f7c84c6e5763bb77530acc11732563e7abaeaba65a93

    • SHA512

      e926955240c20b52d885a3471bd422cf0903e49260595419cdef1851676539b84379c1a6959a8ef9452352035f443052886d0a10c913da91824a0a0ae5e77ffe

    • SSDEEP

      12288:DrVRbtxoNY4psjC6bswqW4jV//1iVs9odGn:DrFuJVMFMie9odO

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    • ISR Stealer payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks