General
-
Target
d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37
-
Size
408KB
-
Sample
221011-ysqa8acbf2
-
MD5
7b6e32355587a65ca9d434152ebd7ef4
-
SHA1
6ce649670be8e54ebaf3d018a030306e6bd8e070
-
SHA256
d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37
-
SHA512
d23ec6dd5aa6d7675eb0d4c4d567f3775fcfff9ccbbe6f71a1b76555d22ab06b66b69ed764cdd14e979d70d32bf212b9664682917bc27b54e0367a71f045157c
-
SSDEEP
6144:v7l/Mts0sXrneChRWcSUEC8ctAom2C+do4ON1ZA0bYQpBuLGlY+6iPHS/ei:hMSeChscpEBctA2Q11aPQ3/6/ei
Static task
static1
Behavioral task
behavioral1
Sample
d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-