General
-
Target
18421aea49ec967d347429f0cc20d7026fad6d3ca6199cd25bb77cab5a111613
-
Size
355KB
-
Sample
221029-kt178aafak
-
MD5
6adad5d248e3dc3e7b0a9eb421b2d3af
-
SHA1
cd0f3625f6400e79a6ee83298295b8934b32e25b
-
SHA256
18421aea49ec967d347429f0cc20d7026fad6d3ca6199cd25bb77cab5a111613
-
SHA512
1735f7444747212ddcc244de569652bbb8d2f43df46f46f3b1471ebccff04953029adff50d9fcb96c3cbb18a1294298ffca8f45ab48a0b505702b9450a78725c
-
SSDEEP
6144:dRPJyiBMhtDSmB9HgZ8ZG+chtJIPVa4VF1g6RXHYc59wJeP+c0eUrMFDE7ukHmoy:hpgRSmB9AAGhtJI4w1Bt4WGsDE7ukHm9
Static task
static1
Behavioral task
behavioral1
Sample
18421aea49ec967d347429f0cc20d7026fad6d3ca6199cd25bb77cab5a111613.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
18421aea49ec967d347429f0cc20d7026fad6d3ca6199cd25bb77cab5a111613.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
18421aea49ec967d347429f0cc20d7026fad6d3ca6199cd25bb77cab5a111613
-
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-