General
-
Target
51a2c02d9aa47645aa55345fef4f817eaeb816ba0c266efc029b56056d3d0a82
-
Size
372KB
-
Sample
221014-j55t4sfac6
-
MD5
61037538e0174df60ad78e045896dd80
-
SHA1
4901fdcdfd0d41aa0721c2d6f687c62c671cd687
-
SHA256
51a2c02d9aa47645aa55345fef4f817eaeb816ba0c266efc029b56056d3d0a82
-
SHA512
252ac724fdb4a6238d93ade5114788c8db1e7430f20d9c643a7c06ee657f3d87ba31bdb77f80fddc179affb066c5f64ef4d796e6db0c77c4ca245d1fb6d47931
-
SSDEEP
6144:xYPaSjKP2wYla5OgXZ01kAkpHOrvn8MVyFmQ0dvMW8DX76xrXI2:GPlNLuLckpurvnjVGWD8776tI2
Malware Config
Targets
-
-
Target
51a2c02d9aa47645aa55345fef4f817eaeb816ba0c266efc029b56056d3d0a82
-
Size
372KB
-
MD5
61037538e0174df60ad78e045896dd80
-
SHA1
4901fdcdfd0d41aa0721c2d6f687c62c671cd687
-
SHA256
51a2c02d9aa47645aa55345fef4f817eaeb816ba0c266efc029b56056d3d0a82
-
SHA512
252ac724fdb4a6238d93ade5114788c8db1e7430f20d9c643a7c06ee657f3d87ba31bdb77f80fddc179affb066c5f64ef4d796e6db0c77c4ca245d1fb6d47931
-
SSDEEP
6144:xYPaSjKP2wYla5OgXZ01kAkpHOrvn8MVyFmQ0dvMW8DX76xrXI2:GPlNLuLckpurvnjVGWD8776tI2
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-