General
-
Target
378894a8b085cb5091a4028cb80cab7a9c939e2efc208c38c13106ca49847bef
-
Size
357KB
-
Sample
221124-e6a9nshd45
-
MD5
77f0f5817a7664514c609e0a892e3183
-
SHA1
377ddd9ce3fac1e075352c7a7ff49189c34fdb4e
-
SHA256
378894a8b085cb5091a4028cb80cab7a9c939e2efc208c38c13106ca49847bef
-
SHA512
fdf2d80d9d4b1507dda4d5e6fe2cbb810879e8f848b4d7be5d5a2ba1bcf0044c2f3e35a484bd70c76709d5aab81a18491c6fdd365fd02e316c1f8b1b994bffcf
-
SSDEEP
6144:sqW+i3FV8tqehoyDZD12PRX9KHjvDbrx6TgIEy0Vi3a/D7GXj2C2SY+XTVyHh2:sD+i3DTKoy725M7dMgIq3Sl2SY+XMB
Malware Config
Targets
-
-
Target
378894a8b085cb5091a4028cb80cab7a9c939e2efc208c38c13106ca49847bef
-
Size
357KB
-
MD5
77f0f5817a7664514c609e0a892e3183
-
SHA1
377ddd9ce3fac1e075352c7a7ff49189c34fdb4e
-
SHA256
378894a8b085cb5091a4028cb80cab7a9c939e2efc208c38c13106ca49847bef
-
SHA512
fdf2d80d9d4b1507dda4d5e6fe2cbb810879e8f848b4d7be5d5a2ba1bcf0044c2f3e35a484bd70c76709d5aab81a18491c6fdd365fd02e316c1f8b1b994bffcf
-
SSDEEP
6144:sqW+i3FV8tqehoyDZD12PRX9KHjvDbrx6TgIEy0Vi3a/D7GXj2C2SY+XTVyHh2:sD+i3DTKoy725M7dMgIq3Sl2SY+XMB
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-