General
-
Target
2e2269e8d4c3a268fafd3f798c123a34_JaffaCakes118
-
Size
352KB
-
Sample
240708-2yb8bswbqf
-
MD5
2e2269e8d4c3a268fafd3f798c123a34
-
SHA1
4f2b474b20ddd19fb8882ea43bcc27975f4e21ad
-
SHA256
6be2e789944d80ec9bd38c47409d28c2cd5780d92a1c2a5033e898cc5a421876
-
SHA512
b7d2b4e6f83bd7477642da1c13810fba2c9b230a884b1ac1913defa7ebf6e43bad062861757cd3750b5d52ee6c77e4c90b8fbc1ccd57bf79447701e50b0bb218
-
SSDEEP
6144:TecMcsQ2GsTUA2UOo2Jc4aCEQ+IDW6PIXTb6on:TLMcsQ2GsTUA2UOo2Jc4aCEQ+56PIXZn
Static task
static1
Behavioral task
behavioral1
Sample
2e2269e8d4c3a268fafd3f798c123a34_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2e2269e8d4c3a268fafd3f798c123a34_JaffaCakes118.exe
Resource
win10v2004-20240704-en
Malware Config
Targets
-
-
Target
2e2269e8d4c3a268fafd3f798c123a34_JaffaCakes118
Score 10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-