General
-
Target
237a93b6f64c1f79a1599610f3e8566d903557199a0a0d2298265d12fb9d69eb
-
Size
4.3MB
-
Sample
221202-zkq38agb9t
-
MD5
3e2c8e82a903d590ec1e77da118ba422
-
SHA1
048f4fcb2f67cd5e530834e9517401fac4716fe7
-
SHA256
237a93b6f64c1f79a1599610f3e8566d903557199a0a0d2298265d12fb9d69eb
-
SHA512
e50cd2d0c34a2b742a3f6d5911a83263c4d1378149ca956011a64ae0c326ed06b6300ddcd74525ed64f9e893a41fd78c61ed091fdc6cec1da422615a2893bb68
-
SSDEEP
98304:TrOUtpIu0ahhViYC/+tpfX7L320/DJ55qbZ8miDtAdh8tS5:Xntmu04riYA+tpjLb15PmiDtih8tS
Malware Config
Targets
-
-
Target
237a93b6f64c1f79a1599610f3e8566d903557199a0a0d2298265d12fb9d69eb
-
Size
4.3MB
-
MD5
3e2c8e82a903d590ec1e77da118ba422
-
SHA1
048f4fcb2f67cd5e530834e9517401fac4716fe7
-
SHA256
237a93b6f64c1f79a1599610f3e8566d903557199a0a0d2298265d12fb9d69eb
-
SHA512
e50cd2d0c34a2b742a3f6d5911a83263c4d1378149ca956011a64ae0c326ed06b6300ddcd74525ed64f9e893a41fd78c61ed091fdc6cec1da422615a2893bb68
-
SSDEEP
98304:TrOUtpIu0ahhViYC/+tpfX7L320/DJ55qbZ8miDtAdh8tS5:Xntmu04riYA+tpjLb15PmiDtih8tS
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-