General
-
Target
fcea44ccdda5c376d688d6ec36914763bdc510e9816a5ac68725ca8a267f1c5e
-
Size
596KB
-
Sample
221206-vcblcahg3t
-
MD5
033f741547a48edc8023c876ff7dcfb6
-
SHA1
debe8fced7d766edbec240f270140a4d1c2f7b14
-
SHA256
fcea44ccdda5c376d688d6ec36914763bdc510e9816a5ac68725ca8a267f1c5e
-
SHA512
0ff4fe58fb06c48ad3810c744290953837793c39d08d5fc3971210649bc2d1f9408ae782a15d63b933d1e16acd1fc18bb1e7037f1d6b1e2e2cfc43424403c5f5
-
SSDEEP
12288:gWfcA5sok1rJNAMPctYC/9HZ3eEAmw3OI:3eoiNL4p/r3eE/+
Malware Config
Targets
-
-
Target
fcea44ccdda5c376d688d6ec36914763bdc510e9816a5ac68725ca8a267f1c5e
-
Size
596KB
-
MD5
033f741547a48edc8023c876ff7dcfb6
-
SHA1
debe8fced7d766edbec240f270140a4d1c2f7b14
-
SHA256
fcea44ccdda5c376d688d6ec36914763bdc510e9816a5ac68725ca8a267f1c5e
-
SHA512
0ff4fe58fb06c48ad3810c744290953837793c39d08d5fc3971210649bc2d1f9408ae782a15d63b933d1e16acd1fc18bb1e7037f1d6b1e2e2cfc43424403c5f5
-
SSDEEP
12288:gWfcA5sok1rJNAMPctYC/9HZ3eEAmw3OI:3eoiNL4p/r3eE/+
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-