General

  • Target

    05730af4dc030ac093a945e2912be8cd_JaffaCakes118

  • Size

    5.3MB

  • Sample

    240620-m9hf6aybrj

  • MD5

    05730af4dc030ac093a945e2912be8cd

  • SHA1

    cea6918c3899d59d2098b6be893ec9865952e0b6

  • SHA256

    9b663d324d3316df0866ab8c0f86371a71399399672fbfa4a50410d367787e8b

  • SHA512

    67f42ed04b1c411a1321b166d44af1180eab0078bae766bb4695dad2de2a713c97831121aa93977c1b8fd61a0535f1d63b13ff0707e68421efda78c34bab7f14

  • SSDEEP

    6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

Targets

    • Target

      05730af4dc030ac093a945e2912be8cd_JaffaCakes118

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
