General
Target: db151beaf532d06638fb04490534308b_JaffaCakes118
Size: 492KB
Sample: 240911-yaz3pszakd
MD5: db151beaf532d06638fb04490534308b
SHA1: 891a58de831a753cedd2efa0f4a75db15d1adde6
SHA256: e45d0170b7d304757cfd62e3089ce7d820f52bfb46825f9d71ee52273c3a6a48
SHA512: 914b3cbed2db626e6db53b53a4cd63adb7eb7cab2f9a4472a75e03cf6987cba49bc376c68f4a3cb26db3358e434286f6db15b9bf23054acc2f732118499f3e57
SSDEEP: 12288:8udnd56RwcOj5JGlJWCwRGjGIVNBrH201gRWrfqI65:80d56Rwcq+QatVNBL1gRWjq
Static task: static1
Behavioral task: behavioral1
Sample: db151beaf532d06638fb04490534308b_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: db151beaf532d06638fb04490534308b_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
-
-
Target
db151beaf532d06638fb04490534308b_JaffaCakes118
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copy of the web browser credential store.
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-