General
-
Target
955bd07aa4b5e9d32816a3aab416b16559d79ed8979ef655f5b82edbc059e859
-
Size
475KB
-
Sample
221201-atq25shb52
-
MD5
e666f97283e213d5656482be7ea1c681
-
SHA1
6b17adcf8857c3d6ee0077d8f817448f01a371dc
-
SHA256
955bd07aa4b5e9d32816a3aab416b16559d79ed8979ef655f5b82edbc059e859
-
SHA512
b3f11361d47bd07e2edbc8884ac644f33d38df313939358f627181e985b190e1af1ce0c1baeebdfc13eff84407b4e3f1c13552f1539e698535770f5f0400ab13
-
SSDEEP
12288:cRXLH8P4mZp5QXw8f+hp4Y66+Oo7qS1fvDHqv4wFg960er:cRXLcP4mZp6yj4K+7OSlDHp3Ler
Malware Config
Targets
-
-
Target
955bd07aa4b5e9d32816a3aab416b16559d79ed8979ef655f5b82edbc059e859
-
Size
475KB
-
MD5
e666f97283e213d5656482be7ea1c681
-
SHA1
6b17adcf8857c3d6ee0077d8f817448f01a371dc
-
SHA256
955bd07aa4b5e9d32816a3aab416b16559d79ed8979ef655f5b82edbc059e859
-
SHA512
b3f11361d47bd07e2edbc8884ac644f33d38df313939358f627181e985b190e1af1ce0c1baeebdfc13eff84407b4e3f1c13552f1539e698535770f5f0400ab13
-
SSDEEP
12288:cRXLH8P4mZp5QXw8f+hp4Y66+Oo7qS1fvDHqv4wFg960er:cRXLcP4mZp6yj4K+7OSlDHp3Ler
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-