General

  • Target: ad9c879c3f77900ec729a266030e743c8626d826bc7a88a9255ac43d29019534.exe
  • Size: 120KB
  • Sample: 250201-mpk2jsykdv
  • MD5: 0dca2b823cac7c0340ee76ef28d8e056
  • SHA1: 90e9ca8592d6c63e2fd73e8027e060a4d72e2fdb
  • SHA256: ad9c879c3f77900ec729a266030e743c8626d826bc7a88a9255ac43d29019534
  • SHA512: c2a11c45ce4023e0475c1c072c3b25f40249d3dbb507e72fc060616fd9bf4f38f2823738a85811018fddfcd5d47c655d57c93c7a6ccfcf515f2e197b1bcb96e6
  • SSDEEP: 3072:6La94GN7fiIEAeLHJx0snnczgbCn7BDdtMd8WhWuFOPMI/2WddUXE:6La94GN7fiIEAeLHJx0WCntdtMieZg0g

Malware Config

Targets

    • ISR Stealer
      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
    • ISR Stealer payload
    • Isrstealer family
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs such as FileZilla.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks