General

  • Target

    57696c50acf44f8c5a2b2e5d80e75f34_JaffaCakes118

  • Size

    8.9MB

  • Sample

    241018-pkdssayhkp

  • MD5

    57696c50acf44f8c5a2b2e5d80e75f34

  • SHA1

    c223cd7a2453810bc2ab877888af6a59ddc9961e

  • SHA256

    1e4979be2176deb966d47734d5ad465f64d1508f132a190730f2b0ad382d176c

  • SHA512

    39dc78df740a36af1d6615f8fd2fbb74328ff45c0b8ec0c45d951d35ea0d9d8363edda6c8f3fad254aa4a11c5bfaee765c7be598064de8be6a05b0e5dd01aecf

  • SSDEEP

    196608:9+IzUS0wFOlsKsSWSGiML4z0bf31uLu9Qz704nQjVcM6+h9pra2W:9Tzz/5SGkwrAww704kyqZan

Targets

    • Target

      [Suamaytinhtainha115.VN] Windows 8 Loader/Activator360.exe

    • Size

      35KB

    • MD5

      7394710a10c38b0158053e2e3cbbb9e6

    • SHA1

      93c540d9345b1373a19aa64e540b13d12d4532bc

    • SHA256

      60152c0a466e6b7bacc4b1980088817a79c467ab0deb6f07f6fb90d3f1b17ccb

    • SHA512

      1715f5e18a9652ce328636dcdbd0f60607ff4b7213f3b213392821e1afd1e471a1774e21d27633643fa4130bfe1d955f127a62ebf526ae0d20d53332c3668024

    • SSDEEP

      768:U/yhTRVnCs8P9K7jPGM4jMaUiOMZXbvkTKmBS79i/QFnJVI1tL4:KUnD81lMEHOMNvko790QFJ61i

    Score
    3/10

    • Target

      [Suamaytinhtainha115.VN] Windows 8 Loader/KMS.exe

    • Size

      276KB

    • MD5

      b8b585877875c3679754094ad1449c08

    • SHA1

      52a9df4e81d77a40f84e5cd2f192653da9eb80fb

    • SHA256

      12bd99618398b770106d8f0ecdbaa217cf9ba03c83bd24dbff4e7515f9d74ee6

    • SHA512

      4e83134e1ba25dc96ca75300dac182e82f0a281c602558327bc8838566643bb0bd31b68e437d230f71b10efa9a78cf8c673e3033b2de1d5406701b9470155c19

    • SSDEEP

      6144:CdhyTMe7zdIKCC0ef//uXltKc+LVsz9b894jvLXo6Jdmz:GutzdFeCXuLKcCVsz6ODLXo6K

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Detected Nirsoft tools

      Free utilities, often used by attackers, that can recover passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook accounts

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.
