Overview

overview

10

Static

static

3

a5c93ad708...17.exe

windows7-x64

10

a5c93ad708...17.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a5c93ad708ec5f3be2e8de6957349d3d1f844a20046029fa4a6d74c371c93a17.exe

  • Size

    368KB

  • Sample

    250108-fdpf9sxkdj

  • MD5

    2166580cdb35ef98a1683cb172717a16

  • SHA1

    2289422b25f1fc9d7bd7de41790928f698c33a4f

  • SHA256

    a5c93ad708ec5f3be2e8de6957349d3d1f844a20046029fa4a6d74c371c93a17

  • SHA512

    faff7258e3526dd490a0dc825d898fbe1839be2c1b690688b55d89b8e12ea6fb7026721924ba8471ba2c668452931f26d8f8be9189d521c647fc0e5cf7db4365

  • SSDEEP

    6144:bYXlu7PKTgM8jlcud0oTPP/eqTNYDWyys9YIusnowR/gVxoCiLXcisNC79FPQ2HF:2rTgM8j6QxNpyVY6/gV8Ft

Score
10/10
isrstealerdiscoverypersistencespywarestealertrojanupx

Malware Config

Targets

    • Target

      a5c93ad708ec5f3be2e8de6957349d3d1f844a20046029fa4a6d74c371c93a17.exe

    • Size

      368KB

    • MD5

      2166580cdb35ef98a1683cb172717a16

    • SHA1

      2289422b25f1fc9d7bd7de41790928f698c33a4f

    • SHA256

      a5c93ad708ec5f3be2e8de6957349d3d1f844a20046029fa4a6d74c371c93a17

    • SHA512

      faff7258e3526dd490a0dc825d898fbe1839be2c1b690688b55d89b8e12ea6fb7026721924ba8471ba2c668452931f26d8f8be9189d521c647fc0e5cf7db4365

    • SSDEEP

      6144:bYXlu7PKTgM8jlcud0oTPP/eqTNYDWyys9YIusnowR/gVxoCiLXcisNC79FPQ2HF:2rTgM8j6QxNpyVY6/gV8Ft

    Score
    10/10
    isrstealerdiscoverypersistencespywarestealertrojanupx

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • Isrstealer family

      isrstealer

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks