General
-
Target
990cdcf567b0dc24659a342f270f1fa6_JaffaCakes118
-
Size
687KB
-
Sample
240815-f5xlyssamr
-
MD5
990cdcf567b0dc24659a342f270f1fa6
-
SHA1
852234c77b8cb64420dea90187ff4297265baec1
-
SHA256
9eb54f2dbdb12b29af357d745ce033ffac85530449663b3b56fb8eedd6ec6cb5
-
SHA512
9a68f3dac1c004377d41dd3b737d890142eab4a9b38dcd1c2c3a1bc31ccce9b27b4f53ad3e8cc31eed473e4a2b9b8720e77573cc839bc85ca83aff186ab60980
-
SSDEEP
12288:tKVaEHXeSxUflzrZpvnSg5TORpc8UjlyZkagldPKNr:IZXevvnSgc3eyZu8
Malware Config
Targets
-
-
Target
990cdcf567b0dc24659a342f270f1fa6_JaffaCakes118
-
Size
687KB
-
MD5
990cdcf567b0dc24659a342f270f1fa6
-
SHA1
852234c77b8cb64420dea90187ff4297265baec1
-
SHA256
9eb54f2dbdb12b29af357d745ce033ffac85530449663b3b56fb8eedd6ec6cb5
-
SHA512
9a68f3dac1c004377d41dd3b737d890142eab4a9b38dcd1c2c3a1bc31ccce9b27b4f53ad3e8cc31eed473e4a2b9b8720e77573cc839bc85ca83aff186ab60980
-
SSDEEP
12288:tKVaEHXeSxUflzrZpvnSg5TORpc8UjlyZkagldPKNr:IZXevvnSgc3eyZu8
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-