General

  • Target

    b75f309d88620c995b418917912db7d0N.exe

  • Size

    711KB

  • Sample

    240907-f356baxajq

  • MD5

    b75f309d88620c995b418917912db7d0

  • SHA1

    7f221fc97cea79ed5fe18aae47ed95d0507e7547

  • SHA256

    bb60d6c5bd46b7aee32070f70166778babb3497b580d1f4ff9b70ff86215587b

  • SHA512

    4f793d0f588c489ab25315046b7a9ef60b8fe18bd03f06cba3c3bd807529948e75c205de20f97d5435629c8911eacdf3690c4c4b5dfa7a25ce7bdee77bec6275

  • SSDEEP

    12288:0Ed1lD17qtYpDGZmOQie4eOpn991X5pPOa57o0tYgWKnuxEj+BwkJHFQ1DO:0EblD17qsGZ6v4PPFqc7DWK4++fUDO

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can recover passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks