General
-
Target
1387974feffde780d5e3c69e33631a72
-
Size
888KB
-
Sample
231221-2c4epafec9
-
MD5
1387974feffde780d5e3c69e33631a72
-
SHA1
1d55315676b0db7ccf7822e89ab556987f88dc25
-
SHA256
37780af54219c5c55bbd96da6b64a5bceeb10d99b01cecd7dc7dfb6406af2206
-
SHA512
bd0fa09a5722d5d1c82525ce949dd37fd6e237e89cd8760e665d9aca7e50f4edf876538b46eac5056b92ee1d4751c2fa0fbc1e4eeb1e539bbe419905701ba837
-
SSDEEP
12288:amhY9HGbus7YjeLIcSdThuQsx9I9UF8KRNQ9HalPYKi6NFttCM37/d3/IyH:amhGSSc5sus9Ux0HalLiuFFTGw
Static task
static1
Behavioral task
behavioral1
Sample
1387974feffde780d5e3c69e33631a72.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1387974feffde780d5e3c69e33631a72.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Target
1387974feffde780d5e3c69e33631a72
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Nirsoft
-
Blocklisted process makes network request
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext