General
-
Target
505926213d0418decb55fbe3461957a6ce462430e43f1967e02c80933270db6d
-
Size
2.0MB
-
Sample
221021-x11aqacahq
-
MD5
5ad2eac3004666af59bf963bc4e9e35b
-
SHA1
dc430a94ef5d682097883844b3d2ee6cad351cfa
-
SHA256
505926213d0418decb55fbe3461957a6ce462430e43f1967e02c80933270db6d
-
SHA512
308a9ed760b55edf85b3e95bd639727208c3cb4a94ee9d2e00514cce2a4b025bf6e6b5ab670236ed8baa533dac29a4a8b6366b3c867f9f86329de7467edf75c2
-
SSDEEP
49152:FSVaY9utNzMKYX8qeYyyoC0Rrwyv5D9IPYkgKeG6m5:FS8YkzV/qeYNoCoIPYkgs
Behavioral task
behavioral1
Sample
505926213d0418decb55fbe3461957a6ce462430e43f1967e02c80933270db6d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
505926213d0418decb55fbe3461957a6ce462430e43f1967e02c80933270db6d.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
Target
505926213d0418decb55fbe3461957a6ce462430e43f1967e02c80933270db6d
-
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Accesses Microsoft Outlook accounts
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-