General
-
Target
e334453a140e582a902b55a29758b1fc0db6e948ba0090b5431ffbf7a3d9fb86
-
Size
2.5MB
-
Sample
221130-dlc24afb4x
-
MD5
64779a324c694f4cac05c8e3372d3053
-
SHA1
2e5f8c11099ce0224dacb101b2bc5ee92e8377de
-
SHA256
e334453a140e582a902b55a29758b1fc0db6e948ba0090b5431ffbf7a3d9fb86
-
SHA512
2cb876fc4ca93aa05ceb6eb9f468fb94f1779fa4e0930f529abf527ab4898c712383df09ca7ccf93f54fa6ff48545cf79390529aa29dc5bbfd945cdd690d4638
-
SSDEEP
49152:Phh7f+Uq9lW2fihJUj95VbSZOO+LxVziRLT/9t0lwkYsMzROwVAquhtW:PnkLWuiDUfVbEOJfWRLT/PPsipV/ujW
Malware Config
Targets
-
-
Target
e334453a140e582a902b55a29758b1fc0db6e948ba0090b5431ffbf7a3d9fb86
-
Size
2.5MB
-
MD5
64779a324c694f4cac05c8e3372d3053
-
SHA1
2e5f8c11099ce0224dacb101b2bc5ee92e8377de
-
SHA256
e334453a140e582a902b55a29758b1fc0db6e948ba0090b5431ffbf7a3d9fb86
-
SHA512
2cb876fc4ca93aa05ceb6eb9f468fb94f1779fa4e0930f529abf527ab4898c712383df09ca7ccf93f54fa6ff48545cf79390529aa29dc5bbfd945cdd690d4638
-
SSDEEP
49152:Phh7f+Uq9lW2fihJUj95VbSZOO+LxVziRLT/9t0lwkYsMzROwVAquhtW:PnkLWuiDUfVbEOJfWRLT/PPsipV/ujW
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-