General

  • Target

    2c269cf961eb60370d68757734fd5a9fdfb1ef3410fcafebf64ca02a32c51941N

  • Size

    139KB

  • Sample

    241001-t4v9dszarr

  • MD5

    f76c007f2c8efa85df02e78c281d6f20

  • SHA1

    77446ff46524daa9a7dbe3ea1091abdc10d797de

  • SHA256

    2c269cf961eb60370d68757734fd5a9fdfb1ef3410fcafebf64ca02a32c51941

  • SHA512

    2ff04f72647858702591b2e451314ce4cbea245a425605d2c015ba13d23e1c83241a24bdeaad3e9347f10e1fed215369ca10548c13c4c343321c727e0980c10b

  • SSDEEP

    3072:7oEPcB/ahiaaHa4t7J4f4ug/1vENqr5kjGnEQVVfXCGuj7IjQf:ME0B/ak6yJigNVr5Mu5DfXCFXIjQf

Malware Config

Targets

    • Target

      2c269cf961eb60370d68757734fd5a9fdfb1ef3410fcafebf64ca02a32c51941N

    • Size

      139KB

    • MD5

      f76c007f2c8efa85df02e78c281d6f20

    • SHA1

      77446ff46524daa9a7dbe3ea1091abdc10d797de

    • SHA256

      2c269cf961eb60370d68757734fd5a9fdfb1ef3410fcafebf64ca02a32c51941

    • SHA512

      2ff04f72647858702591b2e451314ce4cbea245a425605d2c015ba13d23e1c83241a24bdeaad3e9347f10e1fed215369ca10548c13c4c343321c727e0980c10b

    • SSDEEP

      3072:7oEPcB/ahiaaHa4t7J4f4ug/1vENqr5kjGnEQVVfXCGuj7IjQf:ME0B/ak6yJigNVr5Mu5DfXCFXIjQf

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

    • ISR Stealer payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks