General
-
Target
c4d20a36d9f0e1ca758818b3be981779
-
Size
606KB
-
Sample
240313-dmr8eadc96
-
MD5
c4d20a36d9f0e1ca758818b3be981779
-
SHA1
2d55fcb91c41aa7d63f240fc1c5a49c919cc4487
-
SHA256
1fbf779d7f1d4dfe9cd3f7c84c6e5763bb77530acc11732563e7abaeaba65a93
-
SHA512
e926955240c20b52d885a3471bd422cf0903e49260595419cdef1851676539b84379c1a6959a8ef9452352035f443052886d0a10c913da91824a0a0ae5e77ffe
-
SSDEEP
12288:DrVRbtxoNY4psjC6bswqW4jV//1iVs9odGn:DrFuJVMFMie9odO
Malware Config
Targets
-
-
Target
c4d20a36d9f0e1ca758818b3be981779
-
Size
606KB
-
MD5
c4d20a36d9f0e1ca758818b3be981779
-
SHA1
2d55fcb91c41aa7d63f240fc1c5a49c919cc4487
-
SHA256
1fbf779d7f1d4dfe9cd3f7c84c6e5763bb77530acc11732563e7abaeaba65a93
-
SHA512
e926955240c20b52d885a3471bd422cf0903e49260595419cdef1851676539b84379c1a6959a8ef9452352035f443052886d0a10c913da91824a0a0ae5e77ffe
-
SSDEEP
12288:DrVRbtxoNY4psjC6bswqW4jV//1iVs9odGn:DrFuJVMFMie9odO
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-