General
-
Target
3b6b825c48d5169a01f446cb56ea4a410e3b0d7f6d85980bfdb6b509c160bb88
-
Size
742KB
-
Sample
221124-g11ngsdh32
-
MD5
e79aeb7ebd84de410563ae73e08bc6c8
-
SHA1
1d60e229f0a9e9c2343e1f2babd82361f7c93304
-
SHA256
3b6b825c48d5169a01f446cb56ea4a410e3b0d7f6d85980bfdb6b509c160bb88
-
SHA512
3f40a94979721f0f046e546642bc6290e06d890162ad4f47a496a01753e8b879c8a190ecf7b6366fb05b8510bc5ce6b7d40f591faa15bf7c740e27136e7fc468
-
SSDEEP
12288:aOW5xH/6Aku+mRA+VYn5JkwCCbPiVcoFDSEE3/M8Tj7:qLSl+6n5JkwjbPjoCPFf7
Static task
static1
Behavioral task
behavioral1
Sample
3b6b825c48d5169a01f446cb56ea4a410e3b0d7f6d85980bfdb6b509c160bb88.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
3b6b825c48d5169a01f446cb56ea4a410e3b0d7f6d85980bfdb6b509c160bb88.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
3b6b825c48d5169a01f446cb56ea4a410e3b0d7f6d85980bfdb6b509c160bb88
-
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-