General
Target: 809dcc68a24a0b9e0e14929b911c21f8_JaffaCakes118
Size: 576KB
Sample: 240801-qhykvawfph
MD5: 809dcc68a24a0b9e0e14929b911c21f8
SHA1: 7e555d953a01a79b165272865acfa25b25073161
SHA256: 842e398cc69c9eb78957f024e60889a9a8a79d163c4db8584415264ea964b438
SHA512: 6f30ee2ae54e0ee7ccf67825879f9ad4914356ce6114b59267fa1c79132c3ffc6abe84f45bdd7fdfaaf129468ab8ffac6ad7ac36053d47bfbe7f7b530bbac2fd
SSDEEP: 12288:Bf0XZPINCzwnQXdXjHoHtuN2L8P0dGu/o8gR/v80b2nO:yPINawnQNXjHoHG2wPXuQ8MziO
Static task: static1
Behavioral task: behavioral1
  Sample: 809dcc68a24a0b9e0e14929b911c21f8_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 809dcc68a24a0b9e0e14929b911c21f8_JaffaCakes118.exe
  Resource: win10v2004-20240730-en
Malware Config
Targets
ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
ISR Stealer payload
Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE
Loads dropped DLL
Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
Suspicious use of SetThreadContext