General
-
Target
5bbab8bdd280283872da971fb455b44f410dfc0ff0a5a2fbe0aa091462071129
-
Size
374KB
-
Sample
221030-v9lgtacbf9
-
MD5
667f558981c23c80e398f754b44a603f
-
SHA1
df5b15120dc36c4507742f6317d9eb1034e57a50
-
SHA256
5bbab8bdd280283872da971fb455b44f410dfc0ff0a5a2fbe0aa091462071129
-
SHA512
d0def62704fab1029410c10bafca743ff06f8e023a33dde64b6da934ee80ff84a2663a128bcf25f16ca3c47d9329c1a13fe38c45c4c92e5853c4d652dd7c35b9
-
SSDEEP
6144:xPnobS75poRPw/I+GtlKAyu/zpzIyEpR4d1v4CVCASiMu:hoS5poNwg+GtluYz1IyKK5RV
Static task
static1
Behavioral task
behavioral1
Sample
5bbab8bdd280283872da971fb455b44f410dfc0ff0a5a2fbe0aa091462071129.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5bbab8bdd280283872da971fb455b44f410dfc0ff0a5a2fbe0aa091462071129.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
5bbab8bdd280283872da971fb455b44f410dfc0ff0a5a2fbe0aa091462071129
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-