isrstealer | f2f6bbf28ec87f8dc44ab1fb91572f801d87c595c8a4aea4eac910c5403a7b33 | Triage

Submit
Reports

Overview

overview

Static

static

magic dreams 2.2.exe

windows7-x64

9

magic dreams 2.2.exe

windows10-2004-x64

9

Sharing

General

Target

22654f6edca4fa7ae849c29ec3955220_JaffaCakes118
Size

363KB
Sample

241008-tftewstgnm
MD5

22654f6edca4fa7ae849c29ec3955220
SHA1

1b661602e8b66b6bb5d5a0ee93218ca441ab8b7d
SHA256

f2f6bbf28ec87f8dc44ab1fb91572f801d87c595c8a4aea4eac910c5403a7b33
SHA512

036272db6818fbf28769ef8c1f4f2c888e54ec6cb98feb29eb85d19d452fd9a0abdff9b2a88b4ca0477a9148197e9a452c38a7ac9ca7dda97ce9455e1ac635d3
SSDEEP

6144:HP0370mcFmY8bP2U623amIBL2PyCByJK/GTO8Xkr8NcXVcpvadgi3R8bDj71pT/u:FThU33aJBaP7aKr8XkoN0VLdSLTTC

Score

10^/10

isrstealer collection discovery spyware stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

magic dreams 2.2.exe

Resource

win7-20240903-en

collection discovery spyware stealer upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

magic dreams 2.2.exe

Resource

win10v2004-20241007-en

collection discovery spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  magic dreams 2.2.exe
- Size
  
  444KB
- MD5
  
  6f244b6af648a073a70dec542b690dd9
- SHA1
  
  ee4bf04d0cf7d45cceff486ccbdb6695cb1ad8cf
- SHA256
  
  54e6d0a9e9cf45b389919490c1416e8d1cf2de27b5b3a96e53e78561ff48fd22
- SHA512
  
  840d293d35a41a21e0224fd8603600762389d6b3eff31108fd72d0d023c31c6f079cd1fcf599acec5041338674ab4c538ca131f965ebb316c106d221b3d56bf7
- SSDEEP
  
  12288:7q1q3C4c0C3jaJBaPHaKx8Xk8NxagaElleY:e1czc3Ywt8XzNxagaClz
Score

9^/10

collection discovery spyware stealer upx
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryspywarestealerupx

behavioral2

collectiondiscoveryspywarestealerupx

© 2018-2024

Terms | Privacy