General
-
Target
5a515fb7d8ddc91230940f85120f9ff3_JaffaCakes118
-
Size
468KB
-
Sample
241019-cgmkaszgpe
-
MD5
5a515fb7d8ddc91230940f85120f9ff3
-
SHA1
a62d7292a968bdc478aed3f700fded2b58a25deb
-
SHA256
c45258fce9aa3ca55e4c3cefeca6c4b6a7d03ef53be0da688a2e54b642562735
-
SHA512
147464ddb8b2691a124f75690478e4027eaaf432d00c569a3d36fc6b910144ebbf1f784458784ed0caf54e044c3d6c2aa400ff1202a0e3a5c0bdcd5fbf6b05c2
-
SSDEEP
6144:79d2d8lEkce/IBpoaK7IapsCrY+JkUJ9vICA+JzRbKdMhA6ziHberIrVmce:pdJlU8IUZIaL3kUfA+1RedCi4iVje
Malware Config
Targets
-
-
Target
5a515fb7d8ddc91230940f85120f9ff3_JaffaCakes118
-
Size
468KB
-
MD5
5a515fb7d8ddc91230940f85120f9ff3
-
SHA1
a62d7292a968bdc478aed3f700fded2b58a25deb
-
SHA256
c45258fce9aa3ca55e4c3cefeca6c4b6a7d03ef53be0da688a2e54b642562735
-
SHA512
147464ddb8b2691a124f75690478e4027eaaf432d00c569a3d36fc6b910144ebbf1f784458784ed0caf54e044c3d6c2aa400ff1202a0e3a5c0bdcd5fbf6b05c2
-
SSDEEP
6144:79d2d8lEkce/IBpoaK7IapsCrY+JkUJ9vICA+JzRbKdMhA6ziHberIrVmce:pdJlU8IUZIaL3kUfA+1RedCi4iVje
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-