General
-
Target
b52baa7b106317424db10866c73042bf47ddeb81cc389c3b8ea294d5175cd1c7
-
Size
355KB
-
Sample
221122-wsfqnsfh3z
-
MD5
93994ce2cdb48ea1970c2107c1e68af8
-
SHA1
ebf583e090f8eab34cfd7e56d2852e0083e59040
-
SHA256
b52baa7b106317424db10866c73042bf47ddeb81cc389c3b8ea294d5175cd1c7
-
SHA512
8e29a4ad24b9c999835dd8ba906ce6ffb60a4422a33d1ab2535ae4edc3eb1101ab8767e48ee728f68e63a2b34c82a1c455bf58cc247bcdf2e611939ecdc9411b
-
SSDEEP
6144:vYGsqnJ+2i9XvCMOd3HpEURdQqY+Bk+Ye+Y6HtQLmRA3o01phAGBtHO0vWhV:JFnJbihvCMOdJEUvQqpRGtGmRA3o01hi
Malware Config
Targets
-
-
Target
b52baa7b106317424db10866c73042bf47ddeb81cc389c3b8ea294d5175cd1c7
-
Size
355KB
-
MD5
93994ce2cdb48ea1970c2107c1e68af8
-
SHA1
ebf583e090f8eab34cfd7e56d2852e0083e59040
-
SHA256
b52baa7b106317424db10866c73042bf47ddeb81cc389c3b8ea294d5175cd1c7
-
SHA512
8e29a4ad24b9c999835dd8ba906ce6ffb60a4422a33d1ab2535ae4edc3eb1101ab8767e48ee728f68e63a2b34c82a1c455bf58cc247bcdf2e611939ecdc9411b
-
SSDEEP
6144:vYGsqnJ+2i9XvCMOd3HpEURdQqY+Bk+Ye+Y6HtQLmRA3o01phAGBtHO0vWhV:JFnJbihvCMOdJEUvQqpRGtGmRA3o01hi
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-