General
-
Target
3cbb78cf1b286017ef9638b8b4c833c8_JaffaCakes118
-
Size
200KB
-
Sample
240712-kxpctsyfkc
-
MD5
3cbb78cf1b286017ef9638b8b4c833c8
-
SHA1
745712222454ac346dc32d36eb37e6419e42825c
-
SHA256
d8664643122a00f9943d486ae020cf5e44ea3bf2ce3eb4fb1414bb70bc2b3277
-
SHA512
e37ce60e97af29f6aa0f3ecfe6564f46c05832d194a9608a55e64660e0f9e0b345365b28ea42d28ee846baa16e7c791449771c33a7f409a3b6b34fadb26147ea
-
SSDEEP
3072:jgrqKPEzecsOLFT3NAjep1wZFa+4qUJ4brRiRxAQY:jgrcjscT3NEepSZn2tp
Malware Config
Targets
-
-
Target
3cbb78cf1b286017ef9638b8b4c833c8_JaffaCakes118
-
Size
200KB
-
MD5
3cbb78cf1b286017ef9638b8b4c833c8
-
SHA1
745712222454ac346dc32d36eb37e6419e42825c
-
SHA256
d8664643122a00f9943d486ae020cf5e44ea3bf2ce3eb4fb1414bb70bc2b3277
-
SHA512
e37ce60e97af29f6aa0f3ecfe6564f46c05832d194a9608a55e64660e0f9e0b345365b28ea42d28ee846baa16e7c791449771c33a7f409a3b6b34fadb26147ea
-
SSDEEP
3072:jgrqKPEzecsOLFT3NAjep1wZFa+4qUJ4brRiRxAQY:jgrcjscT3NEepSZn2tp
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-