General
-
Target
JaffaCakes118_8bd0bf298b834a0b248f320b943bf92e
-
Size
160KB
-
Sample
250329-vmfytay1h1
-
MD5
8bd0bf298b834a0b248f320b943bf92e
-
SHA1
1d6c81b390fd87c214efaa4fb36eb609901649bc
-
SHA256
ca9a0508098750e531fa463177c083ce1081272dd5d4171ca990452bde29b5b4
-
SHA512
2ccf5702787849b3ba7e4cdea5d746113bf0746b7d826b102692533fb1c9c433d4ff2237aedab0dc646546476809632b9514bbe00f6bd0d970c41ffb263ec2f1
-
SSDEEP
3072:1333CTQfE+ts5ivlINZni5StD/kJx9DYOy/WLLACxyvEL4ydXnX500NxY8Y8Zxm:13332P8s5AcZni5YknTy+LLACx0I4wXR
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_8bd0bf298b834a0b248f320b943bf92e.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
JaffaCakes118_8bd0bf298b834a0b248f320b943bf92e.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
JaffaCakes118_8bd0bf298b834a0b248f320b943bf92e
Score
10/10
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
Isrstealer family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-