Overview

overview

10

Static

static

3

27cba38907...7e.exe

windows7-x64

10

27cba38907...7e.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27cba389076973839b6dd510d35233ec828896802b7eb462f80844514fd6aa7e.exe

  • Size

    540KB

  • Sample

    250107-nvjw4s1pem

  • MD5

    37a3ec1dcef87ab6828f9a8d1f998298

  • SHA1

    7d8fb255d8fc4d2af7cd5896498ceee6f29323d8

  • SHA256

    27cba389076973839b6dd510d35233ec828896802b7eb462f80844514fd6aa7e

  • SHA512

    f4337776424093ff33848b703931d00ebff29894cb6a7d77a0036062f38d64d505250047db51962db613dcd21c3a7163c0100ebf3bf838fbff75ab1cff87f9b8

  • SSDEEP

    12288:Ghxc3TIlqGJs1jpqttRiOsopj8X8TsWELBpGkjrkgbPp2UJSVEtoPC5:ucoCyb6aIMTsWAfGONUkgEWPy

Score
10/10
isrstealercollectiondiscoverypersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      27cba389076973839b6dd510d35233ec828896802b7eb462f80844514fd6aa7e.exe

    • Size

      540KB

    • MD5

      37a3ec1dcef87ab6828f9a8d1f998298

    • SHA1

      7d8fb255d8fc4d2af7cd5896498ceee6f29323d8

    • SHA256

      27cba389076973839b6dd510d35233ec828896802b7eb462f80844514fd6aa7e

    • SHA512

      f4337776424093ff33848b703931d00ebff29894cb6a7d77a0036062f38d64d505250047db51962db613dcd21c3a7163c0100ebf3bf838fbff75ab1cff87f9b8

    • SSDEEP

      12288:Ghxc3TIlqGJs1jpqttRiOsopj8X8TsWELBpGkjrkgbPp2UJSVEtoPC5:ucoCyb6aIMTsWAfGONUkgEWPy

    Score
    10/10
    isrstealercollectiondiscoverypersistencespywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • Isrstealer family

      isrstealer

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook accounts

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks