General
-
Target
966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585
-
Size
420KB
-
Sample
221125-vj93gsfa61
-
MD5
e774bca504985440420fe73b75dc00cc
-
SHA1
368fa03327594d06b8e421b74b1de49bf0780de9
-
SHA256
966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585
-
SHA512
245416bdff73f6d133ecd33d514a77ce1e9ab88226dcb731581bae923d1c1feab66a5364e3670b91d4840e5b80771cd551d632c6c200b002153bce3164381761
-
SSDEEP
6144:D/VmalBrqaKxs+j26ld4h6LpNkVTqgL4/YitLJuTtnQoniQGZpvIszTuoFZL:RmOHK9KVTqgLaYitLUTyNQo1Tuo
Malware Config
Targets
-
-
Target
966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585
-
Size
420KB
-
MD5
e774bca504985440420fe73b75dc00cc
-
SHA1
368fa03327594d06b8e421b74b1de49bf0780de9
-
SHA256
966c8b6ae047e13474bf29b3cd01584730c94f54b942b50b6346639c798ea585
-
SHA512
245416bdff73f6d133ecd33d514a77ce1e9ab88226dcb731581bae923d1c1feab66a5364e3670b91d4840e5b80771cd551d632c6c200b002153bce3164381761
-
SSDEEP
6144:D/VmalBrqaKxs+j26ld4h6LpNkVTqgL4/YitLJuTtnQoniQGZpvIszTuoFZL:RmOHK9KVTqgLaYitLUTyNQo1Tuo
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-