General
-
Target
c65b0d438a31537f2e3bc240ee52bd1c5037bf7c1faf755ea54e85a23b4b9bec
-
Size
288KB
-
Sample
221206-1y36dabd2t
-
MD5
084870aad203d8fdeefc14da8d02069e
-
SHA1
caa1c1bb4a8af41ebe4ed417d0a0fd8f3351ae5e
-
SHA256
c65b0d438a31537f2e3bc240ee52bd1c5037bf7c1faf755ea54e85a23b4b9bec
-
SHA512
5b4260e60c3543bb9d8ed35af1d7f32dda6be6076b8efe3564206a4b91365565d30ba37c639ff28378da37ac430450fc6c43922860455ceb4146ab2a66070ff8
-
SSDEEP
3072:O12i3kbpR6kaa6Y/gVq8X9R30Z/flKRFd/RRo74xzQWugHHkrtcFox89XHL4d/p6:O173epMkyCR1ClWEUbgnk1m1Hcwtb9S
Malware Config
Targets
-
-
Target
c65b0d438a31537f2e3bc240ee52bd1c5037bf7c1faf755ea54e85a23b4b9bec
-
Size
288KB
-
MD5
084870aad203d8fdeefc14da8d02069e
-
SHA1
caa1c1bb4a8af41ebe4ed417d0a0fd8f3351ae5e
-
SHA256
c65b0d438a31537f2e3bc240ee52bd1c5037bf7c1faf755ea54e85a23b4b9bec
-
SHA512
5b4260e60c3543bb9d8ed35af1d7f32dda6be6076b8efe3564206a4b91365565d30ba37c639ff28378da37ac430450fc6c43922860455ceb4146ab2a66070ff8
-
SSDEEP
3072:O12i3kbpR6kaa6Y/gVq8X9R30Z/flKRFd/RRo74xzQWugHHkrtcFox89XHL4d/p6:O173epMkyCR1ClWEUbgnk1m1Hcwtb9S
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-