General
-
Target
4a2040875002048abe82aac6a322c7e1c8f9d889d141816ae1b17a16e6d599ed
-
Size
420KB
-
Sample
221030-xtm2taehf2
-
MD5
f8b8b6724959b31c51cf75b3308c461b
-
SHA1
beade7d0013f363015f6e0191bd16ece96617f01
-
SHA256
4a2040875002048abe82aac6a322c7e1c8f9d889d141816ae1b17a16e6d599ed
-
SHA512
fde4c4984dca02803188becbe665df8ae12c14569ae4abc9560618388cf7af15fafde0b1671b0b574ac63abe0156ed04ea36432dc4711d67d658c358d42c508e
-
SSDEEP
6144:5sMeC/7GzlDT2cg5aCr54wmTTm7nrikdT/BSSY1Od+6hE/TIIKxah:yMT/74lfsSwzigT/kp1O06hbIKY
Malware Config
Targets
-
-
Target
4a2040875002048abe82aac6a322c7e1c8f9d889d141816ae1b17a16e6d599ed
-
Size
420KB
-
MD5
f8b8b6724959b31c51cf75b3308c461b
-
SHA1
beade7d0013f363015f6e0191bd16ece96617f01
-
SHA256
4a2040875002048abe82aac6a322c7e1c8f9d889d141816ae1b17a16e6d599ed
-
SHA512
fde4c4984dca02803188becbe665df8ae12c14569ae4abc9560618388cf7af15fafde0b1671b0b574ac63abe0156ed04ea36432dc4711d67d658c358d42c508e
-
SSDEEP
6144:5sMeC/7GzlDT2cg5aCr54wmTTm7nrikdT/BSSY1Od+6hE/TIIKxah:yMT/74lfsSwzigT/kp1O06hbIKY
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-