General
-
Target
e2dadd4afd1670177335f5426022a13a795b5a202e11b17f281ebcd0ee6b78d0
-
Size
736KB
-
Sample
221128-sja72scd64
-
MD5
acfe17220eed492d5b3b5b85cba17f27
-
SHA1
5725d2196c2eb9649d57aa6891381521968cff6d
-
SHA256
e2dadd4afd1670177335f5426022a13a795b5a202e11b17f281ebcd0ee6b78d0
-
SHA512
f8e4fe56aea6b86fa828e970ead3d957d39de883e64dd19d1f199079b58b8855d209723707bb16192fc6a5c9e276834f41011fc955389184388bf0bf2bc0d96a
-
SSDEEP
12288:1C0FSVMHdOacQlm0vTMsAdAqcaONPLMjgjgjgjgjgjgjgjgjgjgjgjgjgjgjgjgq:v8oOLQQoOdAq4NHKK
Malware Config
Targets
-
-
Target
e2dadd4afd1670177335f5426022a13a795b5a202e11b17f281ebcd0ee6b78d0
-
Size
736KB
-
MD5
acfe17220eed492d5b3b5b85cba17f27
-
SHA1
5725d2196c2eb9649d57aa6891381521968cff6d
-
SHA256
e2dadd4afd1670177335f5426022a13a795b5a202e11b17f281ebcd0ee6b78d0
-
SHA512
f8e4fe56aea6b86fa828e970ead3d957d39de883e64dd19d1f199079b58b8855d209723707bb16192fc6a5c9e276834f41011fc955389184388bf0bf2bc0d96a
-
SSDEEP
12288:1C0FSVMHdOacQlm0vTMsAdAqcaONPLMjgjgjgjgjgjgjgjgjgjgjgjgjgjgjgjgq:v8oOLQQoOdAq4NHKK
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-