General
-
Target
0a3611b8e640f07b495d536318bc34eccec79552d2591d05a0015227ec1e62d8
-
Size
368KB
-
Sample
221030-vr1tsabdb9
-
MD5
88ce30bc2d9e7da8d46f6bf7895d8dde
-
SHA1
eaba322eeddf41ca8ce013a1f7a38e658f464b40
-
SHA256
0a3611b8e640f07b495d536318bc34eccec79552d2591d05a0015227ec1e62d8
-
SHA512
0f0410c2c97757c6b1e1c9d51343db22d7fe7688b5424fde5bbcc7845eafd2302a25e289da167916aeb4e1ca85fce887b16564552965f9c35c6f64e3fe4e16d4
-
SSDEEP
6144:yBljsvTdniPKRIQSk6wdKs+Gp1d/TtuxLFzOfNyM48JhJfJeY8Cvv4bNmgUXx:8jsv5cKEk6wdKq1uj8p9HzoPOx
Malware Config
Targets
-
-
Target
0a3611b8e640f07b495d536318bc34eccec79552d2591d05a0015227ec1e62d8
-
Size
368KB
-
MD5
88ce30bc2d9e7da8d46f6bf7895d8dde
-
SHA1
eaba322eeddf41ca8ce013a1f7a38e658f464b40
-
SHA256
0a3611b8e640f07b495d536318bc34eccec79552d2591d05a0015227ec1e62d8
-
SHA512
0f0410c2c97757c6b1e1c9d51343db22d7fe7688b5424fde5bbcc7845eafd2302a25e289da167916aeb4e1ca85fce887b16564552965f9c35c6f64e3fe4e16d4
-
SSDEEP
6144:yBljsvTdniPKRIQSk6wdKs+Gp1d/TtuxLFzOfNyM48JhJfJeY8Cvv4bNmgUXx:8jsv5cKEk6wdKq1uj8p9HzoPOx
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-