isrstealer | 35e6db625e5143f7506e27153776623aa36e32bd8df2c8efabf053aa7aff3d1b

General

Target

5759412d60274d5f413c54afe2f7c0ee
Size

495KB
Sample

240112-yhszcsedam
MD5

5759412d60274d5f413c54afe2f7c0ee
SHA1

f0b8ab6840034cdcbf3a8f72f40483dbf7dc7a0f
SHA256

35e6db625e5143f7506e27153776623aa36e32bd8df2c8efabf053aa7aff3d1b
SHA512

66af88344f2a7654efaa892e2ef923be4d21f5e2186bbf7ad7e03284d7d686927507c4165e5ec6d4f4dec3f6aac3c46a238243be2c75b935b8a1caecf68726f2
SSDEEP

12288:qALeh1Besa9OaEVOfE/AcK5Tn/WA8fL4eaB:Z+asaX1E/G/Wt8v

Score

10^/10

Malware Config

Targets

- Target
  
  Battlefield 3 Aimbot/FaceBotFixed.dll
- Size
  
  225KB
- MD5
  
  e3eb7a71e05d57bb30bc89c18afcf933
- SHA1
  
  d423cd66d75910b2515cb7bbd0d9ed01ab04ab92
- SHA256
  
  2453ed6ac4022afc8d000ba54c8ba69c48b5ceab4c43b56ad00c9867c5b5374a
- SHA512
  
  f8f9baa1477b18c511ec06f8bc11b4e65f2871603cd574cecbe0bb7d40e14bc964fa927ef3fd3edd1a25e0a768ab35f1ca7c1785c44d949651064ca9f67a939e
- SSDEEP
  
  6144:1I+GTKQHSdMKmTLKzol3HXT7JUZoiOt8:14TKQHSdMKmTLKS3XT7JUJ
Score

1^/10
behavioral1 behavioral2
- Target
  
  Battlefield 3 Aimbot/WinJect.exe
- Size
  
  540KB
- MD5
  
  6abce2783394bf829a97599d04a8def3
- SHA1
  
  2a7864232650cf6528c903ec505e4fc1cc59517c
- SHA256
  
  29ab5fe35a0f48c4683adf37e978abbfff23c0b2f8b416d58b18690ebf41a66a
- SHA512
  
  8c07c4b105296747f6224f161b00250e5fa54c4f7b2ad33313b91f4116917064f4acc315f664688346d0272bc77953c338fe40d4ed6e0fd5e5ad507f12cdf7b4
- SSDEEP
  
  6144:dHEUWvcNBG1R741QrIJvnjqHByUkz/urMkHug25ijoBFQi7f0u1WeJiXpH4raGpt:pFG1d4gIJLqcU9OgiioSOLKR4rFMgn
Score

10^/10

isrstealer bootkit persistence spyware stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4