isrstealer | 9514c96ca877e13960c07ba58f54091df835f1f5b4135c16f9dc4cd78928c85c | Triage

Submit
Reports

Overview

overview

Static

static

3

123ead4a0c...18.exe

windows7-x64

123ead4a0c...18.exe

windows10-2004-x64

Sharing

General

Target

123ead4a0cba2ca67d621f835011e12f_JaffaCakes118
Size

351KB
Sample

240626-rdywgsxgmc
MD5

123ead4a0cba2ca67d621f835011e12f
SHA1

d28b7f8946faaebe82ce8cc36cce0df640a2c5b5
SHA256

9514c96ca877e13960c07ba58f54091df835f1f5b4135c16f9dc4cd78928c85c
SHA512

7c8413d165b74ba39c4272ca4dc851d8ceb837eaa251aaf41d66ab43fc7b8bd606a0da0469b533a14ff0b34c55fc87dc8c619c629bd18926ddd82660baae0299
SSDEEP

6144:VpQz6Vc6iK52P9osBDxioZPo35ruomQ2m1XrP1Dnoez844Y2nm7zHQD1vxSN:V6QniK5SBEzsI3BrP1bHg4HNPwRvc

Score

10^/10

isrstealer spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

123ead4a0cba2ca67d621f835011e12f_JaffaCakes118.exe

Resource

win7-20240221-en

isrstealer spyware stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

123ead4a0cba2ca67d621f835011e12f_JaffaCakes118.exe

Resource

win10v2004-20240611-en

isrstealer spyware stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  123ead4a0cba2ca67d621f835011e12f_JaffaCakes118
- Size
  
  351KB
- MD5
  
  123ead4a0cba2ca67d621f835011e12f
- SHA1
  
  d28b7f8946faaebe82ce8cc36cce0df640a2c5b5
- SHA256
  
  9514c96ca877e13960c07ba58f54091df835f1f5b4135c16f9dc4cd78928c85c
- SHA512
  
  7c8413d165b74ba39c4272ca4dc851d8ceb837eaa251aaf41d66ab43fc7b8bd606a0da0469b533a14ff0b34c55fc87dc8c619c629bd18926ddd82660baae0299
- SSDEEP
  
  6144:VpQz6Vc6iK52P9osBDxioZPo35ruomQ2m1XrP1Dnoez844Y2nm7zHQD1vxSN:V6QniK5SBEzsI3BrP1bHg4HNPwRvc
Score

10^/10

isrstealer spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerspywarestealertrojanupx

behavioral2

isrstealerspywarestealertrojanupx

© 2018-2024

Terms | Privacy