General
-
Target
f7c92ff3f595ecc58ceaf5d5b99416bfc27cd093857aafe159e21b36b5b37358
-
Size
1.3MB
-
Sample
221120-lthljsgc89
-
MD5
337945b77404f159d58a259b7a6a4f0e
-
SHA1
50e9e7a996d6d9a3ab82f9f52be84972d1680f44
-
SHA256
f7c92ff3f595ecc58ceaf5d5b99416bfc27cd093857aafe159e21b36b5b37358
-
SHA512
95aff6ed66779926a12de27f90da08a1bf408ceb1c8ec88d05da118e5b26425e56f197bd6dfcbdf0c792697e03e8df1b236d7bf23c8467c2bd721de54aee477f
-
SSDEEP
24576:oBoD8/S73C15D8ySSa+CefdugiSCchYlgnDm2Xdky5U4NsdLdsdGzcGp:QoB7m4S2sDZCcu69Xaym4C5uQr
Malware Config
Targets
-
-
Target
f7c92ff3f595ecc58ceaf5d5b99416bfc27cd093857aafe159e21b36b5b37358
-
Size
1.3MB
-
MD5
337945b77404f159d58a259b7a6a4f0e
-
SHA1
50e9e7a996d6d9a3ab82f9f52be84972d1680f44
-
SHA256
f7c92ff3f595ecc58ceaf5d5b99416bfc27cd093857aafe159e21b36b5b37358
-
SHA512
95aff6ed66779926a12de27f90da08a1bf408ceb1c8ec88d05da118e5b26425e56f197bd6dfcbdf0c792697e03e8df1b236d7bf23c8467c2bd721de54aee477f
-
SSDEEP
24576:oBoD8/S73C15D8ySSa+CefdugiSCchYlgnDm2Xdky5U4NsdLdsdGzcGp:QoB7m4S2sDZCcu69Xaym4C5uQr
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-