isrstealer | d97496bd7b2111c332f4ea8e1af4938be8db36c8de4c7eba7d2d2b4520a5c0bf | Triage

Submit
Reports

Overview

overview

Static

static

3

023224dcec...18.exe

windows7-x64

023224dcec...18.exe

windows10-2004-x64

Sharing

General

Target

023224dcec53ae2b55eb5eb2d5cc78c5_JaffaCakes118
Size

4.5MB
Sample

240620-dddnnazajl
MD5

023224dcec53ae2b55eb5eb2d5cc78c5
SHA1

863af06d6e17f12ad05b3f96d515fa661beb8f2b
SHA256

d97496bd7b2111c332f4ea8e1af4938be8db36c8de4c7eba7d2d2b4520a5c0bf
SHA512

d48e1041fae9b5dc216c18b74dd6cb0313ea1d9169a248243aabb32604e0a80723529a169d6ed59d2196419958b75dd468d6bcb8f52a8c07dbf712ae90d9bbc7
SSDEEP

6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

Score

10^/10

isrstealer stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

023224dcec53ae2b55eb5eb2d5cc78c5_JaffaCakes118.exe

Resource

win7-20240508-en

isrstealer stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

023224dcec53ae2b55eb5eb2d5cc78c5_JaffaCakes118.exe

Resource

win10v2004-20240508-en

isrstealer stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  023224dcec53ae2b55eb5eb2d5cc78c5_JaffaCakes118
- Size
  
  4.5MB
- MD5
  
  023224dcec53ae2b55eb5eb2d5cc78c5
- SHA1
  
  863af06d6e17f12ad05b3f96d515fa661beb8f2b
- SHA256
  
  d97496bd7b2111c332f4ea8e1af4938be8db36c8de4c7eba7d2d2b4520a5c0bf
- SHA512
  
  d48e1041fae9b5dc216c18b74dd6cb0313ea1d9169a248243aabb32604e0a80723529a169d6ed59d2196419958b75dd468d6bcb8f52a8c07dbf712ae90d9bbc7
- SSDEEP
  
  6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB
Score

10^/10

isrstealer stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojanupx

behavioral2

isrstealerstealertrojanupx

© 2018-2024

Terms | Privacy