General
-
Target
f186f635a43305c610cad7abc0b55d7287fb3a9c5e6b9a55004c2bc2d1201598
-
Size
4.7MB
-
Sample
221129-br8d3sfa36
-
MD5
70174833a54bd0748a476c3877b1e91c
-
SHA1
4bbe522c0f5f8348049c93ab946c635cfd1365b0
-
SHA256
f186f635a43305c610cad7abc0b55d7287fb3a9c5e6b9a55004c2bc2d1201598
-
SHA512
540b38a51aafa263f3f538e065919c686952e762980d8d31d332962ff30fa4bdc72c4f0bfd9fd527831fbf56f751903768d55e0e89044f141ce5572334022b38
-
SSDEEP
98304:Ayh2A9KPK/5/o4IFIqRi97IThdHFNP6Fh8MIWEpUeB6tFDWjF8hEWJ9cNb:v2vwA4IrS72dlNP6FFpMUeBcg8hrJ9ib
Malware Config
Targets
-
-
Target
f186f635a43305c610cad7abc0b55d7287fb3a9c5e6b9a55004c2bc2d1201598
-
Size
4.7MB
-
MD5
70174833a54bd0748a476c3877b1e91c
-
SHA1
4bbe522c0f5f8348049c93ab946c635cfd1365b0
-
SHA256
f186f635a43305c610cad7abc0b55d7287fb3a9c5e6b9a55004c2bc2d1201598
-
SHA512
540b38a51aafa263f3f538e065919c686952e762980d8d31d332962ff30fa4bdc72c4f0bfd9fd527831fbf56f751903768d55e0e89044f141ce5572334022b38
-
SSDEEP
98304:Ayh2A9KPK/5/o4IFIqRi97IThdHFNP6Fh8MIWEpUeB6tFDWjF8hEWJ9cNb:v2vwA4IrS72dlNP6FFpMUeBcg8hrJ9ib
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-