General
-
Target
13a199850a238ceff22998dd97323260_JaffaCakes118
-
Size
190KB
-
Sample
240626-1zxpzszajn
-
MD5
13a199850a238ceff22998dd97323260
-
SHA1
e80c4eac7d8f04bae6b7ca7cc3f4df0d0efb0f22
-
SHA256
8c0e1f0cb5679571cf2b129c98853018823e0e7674cfc7c5973d4053dfda0578
-
SHA512
4bff87799025997a9013ce692257ac0895c518f2dd899988f6800fe245a8c40342673f949035996737aeb7eb68ba19acf163ababea4219cc8a857fc17c6d3fb8
-
SSDEEP
3072:zCOP+8j32s/exLyOpLXjeyYHbLIulrVGvZZbCwJkASIWzIbcligqgqxR7Lb:Pm99horZ6swCIWEbcliBZx
Malware Config
Targets
-
-
Target
13a199850a238ceff22998dd97323260_JaffaCakes118
-
Size
190KB
-
MD5
13a199850a238ceff22998dd97323260
-
SHA1
e80c4eac7d8f04bae6b7ca7cc3f4df0d0efb0f22
-
SHA256
8c0e1f0cb5679571cf2b129c98853018823e0e7674cfc7c5973d4053dfda0578
-
SHA512
4bff87799025997a9013ce692257ac0895c518f2dd899988f6800fe245a8c40342673f949035996737aeb7eb68ba19acf163ababea4219cc8a857fc17c6d3fb8
-
SSDEEP
3072:zCOP+8j32s/exLyOpLXjeyYHbLIulrVGvZZbCwJkASIWzIbcligqgqxR7Lb:Pm99horZ6swCIWEbcliBZx
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-