General

  • Target: 504cdfac07a2a6b103e1b291c5f2655b_JaffaCakes118
  • Size: 3.0MB
  • Sample: 240716-2bkk7awcph
  • MD5: 504cdfac07a2a6b103e1b291c5f2655b
  • SHA1: 08c132d5118dba99405029a78ce69b1f1fd56387
  • SHA256: bf62bfd7d14a4e30f6a5298921b72b8ebba61b8fa9855f7ef529709033938800
  • SHA512: 1eae497c91b2c8c24a5004fc301e20f93fae4c66d157570ed5c9f16d067f06586f341c916bd3647e8376b47615be8db55a56d985507ba108dd5cd6b69c14426f
  • SSDEEP: 98304:VNeZif6jPsenhxPpNHsCZif6jPsenh+IJHT:k46bhRHHs046bh+6HT
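The digests above, and the per-target digests further down, are what a responder compares a suspect file against; the "UPX packed file" signature raised on several of the dropped executables is the other static check worth reproducing. The following is an added example (not part of this report and not the sandbox's own detection code): it computes the four digests the report lists, matches SHA-256 against the samples on this page, and walks the PE section table by hand to spot UPX section names or the UPX! marker. REPORT_SHA256 is copied from this page; build_fake_pe and the minimal PE layout it constructs are assumptions made so the example runs offline.

```python
import hashlib
import struct

# SHA-256 values copied from this report (General section and the four Targets).
REPORT_SHA256 = {
    "bf62bfd7d14a4e30f6a5298921b72b8ebba61b8fa9855f7ef529709033938800": "504cdfac07a2a6b103e1b291c5f2655b_JaffaCakes118",
    "e177d7646310a42421b4521bd417641e11d883a5d8d9f825dd1019cd359e02a7": "Program+AV.exe",
    "cd288d62360691a8fc532f3f39169b91ea1a849e4a766d3d6981be36c4ed318d": "Program+NoAV.exe",
    "b41f23e98e5fbac64219b9e40408cf5aaf7cf3b0dc3a28a91b179cdbc1d5146d": "Program-AV.exe",
    "f9412ae2c48400f464de1b60d2b290ba00cf62073df1bc6dec1272915a1aed39": "Program-NoAV.exe",
}


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, so a local copy can be compared field by field."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_report(data: bytes):
    """Return the report target name if the SHA-256 matches one of the listed samples, else None."""
    return REPORT_SHA256.get(hashlib.sha256(data).hexdigest())


def pe_section_names(data: bytes) -> list:
    """Walk the PE section table by hand (no pefile dependency) and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER starts right after the signature
    if coff + 20 > len(data):
        return []
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # section headers follow the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                 # IMAGE_SECTION_HEADER is 40 bytes, 8-byte name first
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX leaves UPX0/UPX1 section names and a 'UPX!' marker; modified builds often
    rename the sections, so the marker check catches some of those as well."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE image for offline testing; it is not a runnable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x102)
    optional = bytes(0xE0)                    # PE32 optional header size
    sections = b"".join(struct.pack("<8s", n.encode()) + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print(pe_section_names(sample), looks_upx_packed(sample), match_report(sample))
```

A renamed-section UPX variant that also strips the UPX! marker will pass both checks; for those, entropy of the largest section or simply attempting `upx -d` is the next step.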

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.gmail.com
  • Port: 587
  • Username: [email protected]
  • Password: amirmahyarhacker
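The extracted config shows the stealer mailing its loot through a hardcoded Gmail account over the submission port. Two things a practitioner wants from that: a way to recover such credentials from a captured session, and a detection for the channel itself. Note the caveat: on port 587 the client normally issues STARTTLS before AUTH, so a network sensor sees only the EHLO/STARTTLS prelude; the account is recovered from the sample's configuration (as this report did) or from a sandbox that intercepts TLS. The following is an added example, not code from this report or from the sandbox: decode_auth_login recovers the account from a plaintext AUTH LOGIN or AUTH PLAIN exchange, and flag_smtp_submissions flags SMTP-port connections from processes that are not mail clients. EXFIL_HOST and EXFIL_PORT are taken from the config above; MAIL_CLIENTS, build_session, SAMPLE_EVENTS and the placeholder account they use are constructed assumptions.

```python
import base64
from typing import Optional

# Exfiltration endpoint from the Credentials block of this report.
EXFIL_HOST, EXFIL_PORT = "smtp.gmail.com", 587

# Assumed allow-list of processes expected to speak SMTP on a workstation (hypothetical).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def decode_auth_login(transcript: str) -> Optional[dict]:
    """Recover the account from a plaintext SMTP AUTH exchange.

    Transcript lines are 'C: ...' for client and 'S: ...' for server. Handles AUTH LOGIN
    (two base64 lines) and AUTH PLAIN (one base64 line of \\0user\\0password). Returns None
    when no AUTH step is visible, e.g. because STARTTLS hid it.
    """
    client = [line[3:].strip() for line in transcript.splitlines() if line.startswith("C: ")]
    for i, cmd in enumerate(client):
        words = cmd.split()
        if len(words) >= 2 and words[0].upper() == "AUTH":
            try:
                if words[1].upper() == "LOGIN" and i + 2 < len(client):
                    user = base64.b64decode(client[i + 1]).decode()
                    password = base64.b64decode(client[i + 2]).decode()
                elif words[1].upper() == "PLAIN" and len(words) == 3:
                    _, user, password = base64.b64decode(words[2]).decode().split("\0")
                else:
                    continue
            except (ValueError, UnicodeDecodeError):
                return None
            return {"username": user, "password": password}
    return None


def flag_smtp_submissions(events: list) -> list:
    """Flag SMTP-port connections from processes that are not mail clients; escalate when
    the destination is exactly the endpoint from the extracted config."""
    hits = []
    for e in events:
        if e["dst_port"] in (25, 465, 587) and e["process"].lower() not in MAIL_CLIENTS:
            exact = e["dst_host"] == EXFIL_HOST and e["dst_port"] == EXFIL_PORT
            hits.append({**e, "severity": "high" if exact else "medium"})
    return hits


def build_session(user: str, password: str) -> str:
    """Constructed AUTH LOGIN transcript, as a sandbox with TLS interception might log it."""
    b64 = lambda s: base64.b64encode(s.encode()).decode()
    return "\n".join([
        "S: 220 smtp.example.invalid ESMTP",
        "C: EHLO victim-pc",
        "S: 250 AUTH LOGIN PLAIN",
        "C: AUTH LOGIN",
        "S: 334 " + b64("Username:"),
        "C: " + b64(user),
        "S: 334 " + b64("Password:"),
        "C: " + b64(password),
        "S: 235 2.7.0 Accepted",
    ])


# Constructed connection log (process, destination, port); not from the report's network capture.
SAMPLE_EVENTS = [
    {"process": "Program+NoAV.exe", "dst_host": "smtp.gmail.com", "dst_port": 587},
    {"process": "outlook.exe", "dst_host": "smtp.office365.com", "dst_port": 587},
    {"process": "chrome.exe", "dst_host": "www.example.com", "dst_port": 443},
]

if __name__ == "__main__":
    print(decode_auth_login(build_session("stealer@example.invalid", "placeholder")))
    print(flag_smtp_submissions(SAMPLE_EVENTS))
```

The process-based rule is the one that survives encryption: a freshly dropped executable opening smtp.gm.com:587 is suspicious regardless of what the session carries, and the recovered account is the thing to report to the provider for takedown.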

Targets

    • Target: Program+AV.exe
    • Size: 324KB
    • MD5: 78d9cb982a496687178b3c69bbac9083
    • SHA1: e3e646ff0382d65a66233fc762352318f0833812
    • SHA256: e177d7646310a42421b4521bd417641e11d883a5d8d9f825dd1019cd359e02a7
    • SHA512: 245789d885189e21d1c6fede47d1e330553d52a16808b89ceb260c0ba8f4fcd9935298509c96803f9ea7ef6932704d745479265169cba3a28c9df7d99ca24e13
    • SSDEEP: 6144:XTqPRgdIKCC0ef//uXltKc+LVsz9b8mcKuiQavkdCH8ij:7dFeCXuLKcCVsz6mcKuDavkdC

    Score: 7/10
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • UPX packed file
      Detects executables packed with UPX or a modified build of the open-source UPX packer.
    • Suspicious use of SetThreadContext

    • Target: Program+NoAV.exe
    • Size: 1.9MB
    • MD5: f8a53245f72a0a9c47b1b6ed1a68a73c
    • SHA1: f8983adea5437ed33a8c4625981ad865d491d973
    • SHA256: cd288d62360691a8fc532f3f39169b91ea1a849e4a766d3d6981be36c4ed318d
    • SHA512: 8e0c6445ae75badf2748be74f5ce90457fdf583869ec33b196b08986fb80dca67cd74544780c916e47d5973562e14be23ed2da9cc435403f342b60406ad6ef7f
    • SSDEEP: 24576:/5dZufOrzvckB+Fr+waFHTcqunNW3QdWvPiVD2CWgrUE94FFs+n9rQOF8n3M/JS2:/5dVwPaFHTTgkAAn2IQ39y9rRF85HjSH

    • ISR Stealer
      ISR Stealer is a modified version of Hackhound Stealer, written in Visual Basic.
    • ISR Stealer payload
    • Checks BIOS information in registry
      BIOS information is often read to detect virtualised or sandboxed environments.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • UPX packed file
      Detects executables packed with UPX or a modified build of the open-source UPX packer.
    • Suspicious use of SetThreadContext

    • Target: Program-AV.exe
    • Size: 481KB
    • MD5: 388081326284408e001afd75a487e7ec
    • SHA1: e2893916edaec8a1983c7f9003d8eff2092d644a
    • SHA256: b41f23e98e5fbac64219b9e40408cf5aaf7cf3b0dc3a28a91b179cdbc1d5146d
    • SHA512: 18039cb21b0a37a47dc60e2185bc2d2975d25cd04ae74cf194625be8467d8609bbe09f640d16d89a0b18e2b8ee8f4fb9da96a6faefbb585ec83c0c28cfab7c44
    • SSDEEP: 6144:x0jUca5+gfpUOiQLTTwBCtaJppYWH/JskNAVNeN584eeD14ootXCAlAVPg:x0Yco+gunQUBCEAWfykqVNeN24ezlAtg

    • Detected Nirsoft tools
      Free NirSoft utilities, often abused by attackers, that can recover stored passwords, product keys and similar data.
    • Modifies Windows Firewall
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • UPX packed file
      Detects executables packed with UPX or a modified build of the open-source UPX packer.
    • Adds Run key to start application
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Drops file in System32 directory

    • Target: Program-NoAV.exe
    • Size: 2.1MB
    • MD5: e4d01f16508ca1f67ba00a98a42fa2ff
    • SHA1: 0654d678a97da50a9838c20c23d4ff82e3952e34
    • SHA256: f9412ae2c48400f464de1b60d2b290ba00cf62073df1bc6dec1272915a1aed39
    • SHA512: 61ad4ddbf24213e29b3710a0f5279eef8a0011b61097c9a3484cef00405be06f9068767f5049dc81e02b523a85aa834e4753d7d59d2ad804c1e4a8c8a8ffb8a1
    • SSDEEP: 49152:/5dVwPaFHTTgkAAn2IQ39y9rRF8HIyOisq:RdW4lQw5RF8/

    Score: 7/10
    • Checks BIOS information in registry
      BIOS information is often read to detect virtualised or sandboxed environments.
    • Suspicious use of SetThreadContext
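The signatures listed against each target (BIOS registry check, Run key persistence, external IP lookup, NirSoft tooling, browser profile access, firewall changes) are raised by the sandbox from observed behaviour at run time. When only a file is available, a static approximation is to pull ASCII and UTF-16LE strings (Visual Basic binaries, which the report says ISR Stealer is, keep most of theirs wide) and match indicator fragments against them. The following is an added example, not the sandbox's rule set: the signature names are the ones this report uses, but the indicator strings under each are generic heuristics chosen here, and build_sample_blob is a constructed test input. Caveat: the UPX-packed droppers above will yield almost nothing until unpacked, so run this on the unpacked file or a memory dump.

```python
import re

# Printable ASCII runs and UTF-16LE runs of at least six characters.
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Indicator strings keyed by the signature names used in this report. The strings are
# generic heuristics chosen for this example, not the sandbox's actual rule content.
SIGNATURES = {
    "Checks BIOS information in registry": [r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion", "VideoBiosVersion"],
    "Adds Run key to start application": [r"CurrentVersion\Run"],
    "Looks up external IP address via web service": ["api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "whatismyip"],
    "Detected Nirsoft tools": ["NirSoft", "WebBrowserPassView", "Mail PassView", "PasswordFox"],
    "Reads user/profile data of web browsers": ["Login Data", "logins.json", "signons.sqlite", r"Chrome\User Data"],
    "Modifies Windows Firewall": ["netsh advfirewall", "firewall add allowedprogram"],
}


def extract_strings(data: bytes) -> list:
    """Return ASCII and UTF-16LE strings of at least six characters, decoded to str."""
    found = [m.group().decode("ascii") for m in ASCII_RE.finditer(data)]
    found += [m.group().decode("utf-16le") for m in WIDE_RE.finditer(data)]
    return found


def match_signatures(data: bytes) -> dict:
    """Map each signature name to the sorted list of its indicators present in data (case-insensitive)."""
    haystack = [s.lower() for s in extract_strings(data)]
    hits = {}
    for name, needles in SIGNATURES.items():
        present = sorted({n for n in needles if any(n.lower() in s for s in haystack)})
        if present:
            hits[name] = present
    return hits


def build_sample_blob() -> bytes:
    """Constructed test input: indicator strings in both encodings, separated by non-printable filler."""
    filler = b"\x00\xff" * 8
    return filler.join([
        b"",
        rb"HARDWARE\DESCRIPTION\System\BIOS",
        r"Software\Microsoft\Windows\CurrentVersion\Run".encode("utf-16le"),
        b"http://checkip.dyndns.org/",
        "WebBrowserPassView".encode("utf-16le"),
        b"",
    ])


if __name__ == "__main__":
    for sig, indicators in match_signatures(build_sample_blob()).items():
        print(f"{sig}: {indicators}")
```

String hits are weaker evidence than the sandbox's API and registry events (a legitimate installer also writes a Run key), so treat them as triage pointers that tell you which behaviours to confirm dynamically, not as a verdict.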

MITRE ATT&CK Enterprise v15
