General
-
Target
0f033eb7df26843e8fc56d9b0e6affd9ac124c7d8200f82bc5296196d2bce731
-
Size
537KB
-
Sample
221207-nbj3rsed41
-
MD5
a3b5ac0e8c67d89e4d0462bf264fb4f8
-
SHA1
1e53ab57282fd815de57774395b5cafadb024ded
-
SHA256
0f033eb7df26843e8fc56d9b0e6affd9ac124c7d8200f82bc5296196d2bce731
-
SHA512
c5c89f598c8747cec5e2d7a4b2e8353854b4a62708bdca241e7d83ee7763a467f244a4556f1b01cc3d5aea48bc3c6e78fc90e6067e11efefdea669ba3fdb2a57
-
SSDEEP
12288:sSorh+hQ26AYBld5/s/G5v2RKV2AJRTOcTEfFjXEckdvs:sSohOZ6AYTdBs2v2RytAVXrkd0
Malware Config
Targets
-
-
Target
0f033eb7df26843e8fc56d9b0e6affd9ac124c7d8200f82bc5296196d2bce731
-
Size
537KB
-
MD5
a3b5ac0e8c67d89e4d0462bf264fb4f8
-
SHA1
1e53ab57282fd815de57774395b5cafadb024ded
-
SHA256
0f033eb7df26843e8fc56d9b0e6affd9ac124c7d8200f82bc5296196d2bce731
-
SHA512
c5c89f598c8747cec5e2d7a4b2e8353854b4a62708bdca241e7d83ee7763a467f244a4556f1b01cc3d5aea48bc3c6e78fc90e6067e11efefdea669ba3fdb2a57
-
SSDEEP
12288:sSorh+hQ26AYBld5/s/G5v2RKV2AJRTOcTEfFjXEckdvs:sSohOZ6AYTdBs2v2RytAVXrkd0
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-