General
-
Target
4be438197c59ab4d3d9582440414dfb9a56e9415e64804097aabf051a69f74d6
-
Size
364KB
-
Sample
221122-xjx42aha41
-
MD5
186c419d81f8bb05b0f6f4f4bbae0ad3
-
SHA1
c2f8d35881fb9b11737cc3a9e4006036e9ff2cfc
-
SHA256
4be438197c59ab4d3d9582440414dfb9a56e9415e64804097aabf051a69f74d6
-
SHA512
547b55621e40bb75407ee6fc5eb6d42c2cd6fdfc2b9da6ecce6e781691bd8abb93f4bab3e0904a0b63c8fae347f0020876f8a1919f62ec48405899b450b3fb8d
-
SSDEEP
6144:92WzNfBNBaxoxzLUq+pa5MzObYrO4sMubFL6vOZ4:9HBaxox1+pIMzOcrdYFL6v
Static task
static1
Behavioral task
behavioral1
Sample
4be438197c59ab4d3d9582440414dfb9a56e9415e64804097aabf051a69f74d6.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
4be438197c59ab4d3d9582440414dfb9a56e9415e64804097aabf051a69f74d6.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
4be438197c59ab4d3d9582440414dfb9a56e9415e64804097aabf051a69f74d6
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-