General
-
Target
JaffaCakes118_8e7f8155a6ab8221d08e84845d0d9eba
-
Size
92KB
-
Sample
250204-bsqweszpbx
-
MD5
8e7f8155a6ab8221d08e84845d0d9eba
-
SHA1
0430dc355748ef60811b985a8792cc15e9ead7d6
-
SHA256
32a138c46072d8d2f8ccc76051e1d80ccaf827d18c535a51182674c6782d40f3
-
SHA512
8b687cc9b7eb09343f38d5b5c19b2af49aa6e2d0c0c39e189c0bb527239e2360d30ada726df82ace95d968e0627a2cc537a9c98ad1c9c9eca054b33a9bde810e
-
SSDEEP
1536:sBcBV9bgG3trrXduJG/R5BJ3BF/lAuDKzciDeAYsEUTIDw0LY75Lx/m:sCHBHXdu0/7L3DlpXueAfEUTIDwIY7hE
Malware Config
Targets
-
-
Target
JaffaCakes118_8e7f8155a6ab8221d08e84845d0d9eba
-
Size
92KB
-
MD5
8e7f8155a6ab8221d08e84845d0d9eba
-
SHA1
0430dc355748ef60811b985a8792cc15e9ead7d6
-
SHA256
32a138c46072d8d2f8ccc76051e1d80ccaf827d18c535a51182674c6782d40f3
-
SHA512
8b687cc9b7eb09343f38d5b5c19b2af49aa6e2d0c0c39e189c0bb527239e2360d30ada726df82ace95d968e0627a2cc537a9c98ad1c9c9eca054b33a9bde810e
-
SSDEEP
1536:sBcBV9bgG3trrXduJG/R5BJ3BF/lAuDKzciDeAYsEUTIDw0LY75Lx/m:sCHBHXdu0/7L3DlpXueAfEUTIDwIY7hE
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Isrstealer family
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-