General
-
Target
c6da0915764ef075df7e86fb8d990d62e99d114a6d045c2c872c21c6e3fca100
-
Size
288KB
-
Sample
221206-l81exagf39
-
MD5
6b8503490d3a79ae7f01af43a901836e
-
SHA1
48081eeedc72f114c4abe37c1635fff9354b760f
-
SHA256
c6da0915764ef075df7e86fb8d990d62e99d114a6d045c2c872c21c6e3fca100
-
SHA512
26895f3ff07750f02926adaf6e3bc8fc639af065d04f84dd75ee64a696eaa598145c3796727cc94acad7d941e582480167121231c3c9df16d5b961eac517a53a
-
SSDEEP
6144:+B7VgTrrf922XH2kWMVPrAnPiEjyh8lfAaphZJeeee:+kngnPCCdp/Jeeee
Static task
static1
Behavioral task
behavioral1
Sample
c6da0915764ef075df7e86fb8d990d62e99d114a6d045c2c872c21c6e3fca100.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c6da0915764ef075df7e86fb8d990d62e99d114a6d045c2c872c21c6e3fca100.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
Target
c6da0915764ef075df7e86fb8d990d62e99d114a6d045c2c872c21c6e3fca100
-
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-