isrstealer | 0a4091e082cd283c9b24277cdcf0bff2adbadde1371b81321620cd4f85dde7e5 | Triage

Submit
Reports

Overview

overview

Static

static

3

066d70aad3...18.exe

windows7-x64

066d70aad3...18.exe

windows10-2004-x64

Sharing

General

Target

066d70aad37e93ff30dfea3cd49ccc79_JaffaCakes118
Size

439KB
Sample

240429-aygn9sda87
MD5

066d70aad37e93ff30dfea3cd49ccc79
SHA1

0de81c392d9eaa47c2a42e2ea8e0cc33519448b8
SHA256

0a4091e082cd283c9b24277cdcf0bff2adbadde1371b81321620cd4f85dde7e5
SHA512

8d53f0c36c0207ac1cfffee70d6070a24d47bf5e7f5c93d1d21eb6a2f931b08c6680ecb78c4e3c47d5e35737d35363837942c9f42321693059dce84a0008e587
SSDEEP

6144:csoxUUS9H0b5sDO1GdtzvZquk15Qu93RJW9MchgGDG6g9C+DqdhTEKFXe:E+UevdtzwbCU6McZK6g9DqD/FXe

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

066d70aad37e93ff30dfea3cd49ccc79_JaffaCakes118.exe

Resource

win7-20240221-en

isrstealer stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

066d70aad37e93ff30dfea3cd49ccc79_JaffaCakes118.exe

Resource

win10v2004-20240419-en

isrstealer collection stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  066d70aad37e93ff30dfea3cd49ccc79_JaffaCakes118
- Size
  
  439KB
- MD5
  
  066d70aad37e93ff30dfea3cd49ccc79
- SHA1
  
  0de81c392d9eaa47c2a42e2ea8e0cc33519448b8
- SHA256
  
  0a4091e082cd283c9b24277cdcf0bff2adbadde1371b81321620cd4f85dde7e5
- SHA512
  
  8d53f0c36c0207ac1cfffee70d6070a24d47bf5e7f5c93d1d21eb6a2f931b08c6680ecb78c4e3c47d5e35737d35363837942c9f42321693059dce84a0008e587
- SSDEEP
  
  6144:csoxUUS9H0b5sDO1GdtzvZquk15Qu93RJW9MchgGDG6g9C+DqdhTEKFXe:E+UevdtzwbCU6McZK6g9DqD/FXe
Score

10^/10

isrstealer stealer trojan collection upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojan

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy