Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
9ab1d6220c68a3b965b80ebb3c81c9c0886d7f0180c6ed7dbf888502ce30d465
-
Size
372KB
-
Sample
221129-t912tsfg83
-
MD5
1a602393b841f50047c5a8a8608c4100
-
SHA1
778a9bebf7dca5a40043dc7fc5dfd104ddfbbfe5
-
SHA256
9ab1d6220c68a3b965b80ebb3c81c9c0886d7f0180c6ed7dbf888502ce30d465
-
SHA512
53a6ce21137e54d9a93d8e9577ae695eba337a7c0d4d8b5acf3561273041895ed325232b3f77c0433166495311792cd4e85f149c88bb064f181a551fa10d5934
-
SSDEEP
6144:yOLJqj40m5tXf2y7dYyzxit1egV2M20TRFDK8ALxQgCRz7ySeECe:yGqs5wYdY6i4gP2w+kVT
Malware Config
Targets
-
-
Target
9ab1d6220c68a3b965b80ebb3c81c9c0886d7f0180c6ed7dbf888502ce30d465
-
Size
372KB
-
MD5
1a602393b841f50047c5a8a8608c4100
-
SHA1
778a9bebf7dca5a40043dc7fc5dfd104ddfbbfe5
-
SHA256
9ab1d6220c68a3b965b80ebb3c81c9c0886d7f0180c6ed7dbf888502ce30d465
-
SHA512
53a6ce21137e54d9a93d8e9577ae695eba337a7c0d4d8b5acf3561273041895ed325232b3f77c0433166495311792cd4e85f149c88bb064f181a551fa10d5934
-
SSDEEP
6144:yOLJqj40m5tXf2y7dYyzxit1egV2M20TRFDK8ALxQgCRz7ySeECe:yGqs5wYdY6i4gP2w+kVT
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-