General
-
Target
JaffaCakes118_cb119a6b42da7bba1b6151f2e0bd6f1e
-
Size
523KB
-
Sample
250119-sg2xzssnes
-
MD5
cb119a6b42da7bba1b6151f2e0bd6f1e
-
SHA1
d24065f78cbef5a9ae8cd898202b0c0b621059fc
-
SHA256
60c69015a52ab0edd4245671fbe2cdb8d2cd8ec1db66e904f8039b7ee770ed3b
-
SHA512
235172da6120853d3d1e6e3ed3123bcbe2517dc2f8390e62f59b3f15415e1afd04f22f263e1d7e1949d4b9170c62ed0b1373ac95e11a0f97e1f0a9ca84f446cf
-
SSDEEP
12288:jwTIx3EovSNq63oXcMGBdVhPo1esAT0ysDC8:jw0REovSNqSkGBdVdo1TCtAC
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_cb119a6b42da7bba1b6151f2e0bd6f1e.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_cb119a6b42da7bba1b6151f2e0bd6f1e.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
JaffaCakes118_cb119a6b42da7bba1b6151f2e0bd6f1e
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
Isrstealer family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Loads dropped DLL
-
Accesses Microsoft Outlook accounts
-
Suspicious use of SetThreadContext
-