General

Target: JaffaCakes118_aa55a896d27c573c44b0f6b36529a19f
Size: 584KB
Sample: 250410-qv4ydssybs
MD5: aa55a896d27c573c44b0f6b36529a19f
SHA1: 4b08027845296f05bb8251a70aa054ff16aabdfd
SHA256: 53fba2b982786f4089a9b25645858bc9d57fd6a0611e64e5b21567a4fc6713d5
SHA512: 2e4df771683a664945ee6876980dafd188ce77ae53aa72f7166da5365e73952ec9183ab4eac5b469b1b629f19f30b155a889679ea699c19101a37a5391446b57
SSDEEP: 12288:koB7Xn+tZe3Ai7fbVYhaJqGMeK4ZN6Y3SoJCzVXV49z/:kKKToSF49z
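Before relying on this report, confirm that the file on your bench is the same sample it describes. The helper below is an added example, not part of the sandbox report: it recomputes the four digests listed under General and reports any that disagree. The command-line path it reads is an assumption; the expected digests are copied from the report.

```python
# Added helper (not part of the sandbox report): check a local file against the
# digests listed in the General section. Only the command-line path is assumed.
import hashlib
from pathlib import Path

# Digests copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "aa55a896d27c573c44b0f6b36529a19f",
    "sha1": "4b08027845296f05bb8251a70aa054ff16aabdfd",
    "sha256": "53fba2b982786f4089a9b25645858bc9d57fd6a0611e64e5b21567a4fc6713d5",
    "sha512": "2e4df771683a664945ee6876980dafd188ce77ae53aa72f7166da5365e73952ec9183ab4eac5b469b1b629f19f30b155a889679ea699c19101a37a5391446b57",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Return lowercase hex digests of `data` for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Compare computed digests with `expected` (case-insensitive, unknown algorithms ignored).

    Returns {algorithm: (expected, actual)} for every mismatch; an empty dict
    means the data matches on every algorithm that was checked.
    """
    actual = compute_hashes(data)
    return {
        name: (want.lower(), actual[name])
        for name, want in expected.items()
        if name in actual and want.lower() != actual[name]
    }


def verify_file(path: str, expected: dict = REPORT_HASHES) -> dict:
    # The sample is 584 KB, so reading it fully into memory is fine.
    return verify_hashes(Path(path).read_bytes(), expected)


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py <path-to-sample>   (path is an assumption)
    mismatches = verify_file(sys.argv[1])
    for algo, (want, got) in mismatches.items():
        print(f"{algo}: expected {want}, got {got}")
    if mismatches:
        sys.exit(1)
    print("all digests match the report")
```

A single mismatching algorithm is enough to reject the file: a sample that matches on MD5 but not on SHA256 is not the one analysed here, whatever its name.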
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_aa55a896d27c573c44b0f6b36529a19f.exe
Resource: win10v2004-20250314-en
Malware Config
Targets
Target: JaffaCakes118_aa55a896d27c573c44b0f6b36529a19f
ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer, written in Visual Basic.
ISR Stealer payload
Isrstealer family
Detected Nirsoft tools
  Free NirSoft utilities, often abused by attackers because they recover stored passwords, product keys and similar secrets.
NirSoft MailPassView
  Password recovery tool for various email clients.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Uses the VBS compiler for execution
Accesses Microsoft Outlook accounts
Adds Run key to start application
Suspicious use of SetThreadContext
  SetThreadContext on a thread of another process is the primitive process hollowing uses to redirect execution into an injected image.
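Several of the behaviours above (the registry country-code lookup, execution of a dropped executable, a NirSoft tool driven from the command line, and the Run-key autostart) can be matched from a sandbox's API or event trace. The script below is an added example, not the sandbox's own signature logic: it walks a list of constructed, sandbox-style events and maps them back to the signature names in this report. The registry paths it keys on and the dropped-file name are assumptions about what the signatures look for; the `/stext` switch is NirSoft's documented save-to-text option.

```python
# Added triage example (not the sandbox's signature code): map sandbox-style
# events to the behaviours listed in the report. All events below are
# CONSTRUCTED for illustration; registry paths and file names are assumptions.
import re

# HKCU\Software\Microsoft\Windows\CurrentVersion\Run(Once)\<value>: autostart.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)
# Assumed key behind "Checks computer location settings": the user's GeoID.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.IGNORECASE)
# NirSoft recovery tools take /stext|/shtml|/sxml|/scsv <file> to dump results;
# a stealer driving a dropped copy non-interactively typically uses one of them.
NIRSOFT_SWITCH_RE = re.compile(r"/s(text|html|xml|csv)\b", re.IGNORECASE)

SAMPLE_IMAGE = r"C:\Users\analyst\Desktop\JaffaCakes118_aa55a896d27c573c44b0f6b36529a19f.exe"
DROPPED = r"C:\Users\analyst\AppData\Local\Temp\mailpv.exe"  # constructed name

# Constructed event trace in the order a stealer of this kind might produce it.
SAMPLE_EVENTS = [
    {"event": "RegistryQuery", "image": SAMPLE_IMAGE,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"event": "FileCreate", "image": SAMPLE_IMAGE, "target": DROPPED},
    {"event": "ProcessCreate", "image": DROPPED, "parent": SAMPLE_IMAGE,
     "cmdline": f'"{DROPPED}" /stext C:\\Users\\analyst\\AppData\\Local\\Temp\\out.txt'},
    {"event": "RegistryValueSet", "image": SAMPLE_IMAGE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate",
     "data": SAMPLE_IMAGE},
    # Benign noise that must not match: Explorer writing its own view setting.
    {"event": "RegistryValueSet", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": "1"},
]


def triage(events, sample_image):
    """Return the set of report signature names supported by `events`.

    "Executes dropped EXE" requires that the executed image was first written
    by the sample itself, so an unrelated process start does not count.
    """
    hits = set()
    dropped = set()  # lowercase paths of .exe files the sample wrote
    sample = sample_image.lower()
    for ev in events:
        kind = ev["event"]
        if kind == "FileCreate":
            if ev["image"].lower() == sample and ev["target"].lower().endswith(".exe"):
                dropped.add(ev["target"].lower())
        elif kind == "ProcessCreate":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
            if NIRSOFT_SWITCH_RE.search(ev.get("cmdline", "")):
                hits.add("Detected Nirsoft tools")
        elif kind == "RegistryValueSet" and RUN_KEY_RE.search(ev["key"]):
            hits.add("Adds Run key to start application")
        elif kind == "RegistryQuery" and GEO_KEY_RE.search(ev["key"]):
            hits.add("Checks computer location settings")
    return hits


if __name__ == "__main__":
    for name in sorted(triage(SAMPLE_EVENTS, SAMPLE_IMAGE)):
        print(name)
```

The match for "Executes dropped EXE" is deliberately stateful: it only fires when the started image was earlier written by the sample, which is what separates a dropped payload from ordinary process activity on the host. The ISR Stealer family identification and the SetThreadContext signature come from memory and API inspection rather than from events like these, so they are not reproduced here.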