General
-
Target
92b34be60a42846ab40a9c84ec2fba72088e2a725ff612717081b405cdb915eb
-
Size
895KB
-
Sample
221123-19z8vscd71
-
MD5
5be41d78bc950b8383bfeda8c29c8e21
-
SHA1
351984bd05bbfff6bc64edf972102f893f97ca11
-
SHA256
92b34be60a42846ab40a9c84ec2fba72088e2a725ff612717081b405cdb915eb
-
SHA512
474f3508fcb3efbc68fb832d3b806051916d9152f24aca882b6e9053a2954ed79645e27db1109d06ac42208f414daeb8fe8e3696bafa82adb2a68bfe04b2083f
-
SSDEEP
24576:UHZxEgbSj4Wm5v3IJneMGg6MlXjM9qB9so0fEZTZDQIFo:U5OqQ2v3unlVlA9M9sobQIF
Static task
static1
Behavioral task
behavioral1
Sample
92b34be60a42846ab40a9c84ec2fba72088e2a725ff612717081b405cdb915eb.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
92b34be60a42846ab40a9c84ec2fba72088e2a725ff612717081b405cdb915eb.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
Target
92b34be60a42846ab40a9c84ec2fba72088e2a725ff612717081b405cdb915eb
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-