General

  • Target

    1518458fa7b2c49ad43b55954192de51_JaffaCakes118

  • Size

    4.2MB

  • Sample

    240627-hxsn5s1alp

  • MD5

    1518458fa7b2c49ad43b55954192de51

  • SHA1

    3169515affe0bc5bdde6bbbfba5c240121a1f21c

  • SHA256

    d529bbf0f6ae4ae4ebdbedeb281f1df8e03ea490e7cad6355ee0cfa79f060ff7

  • SHA512

    588a9ca7a5046836d014673175b412fab92d7cd142d699501e55610dafd93400f1992552dfb20d0c3c1531e320acb3c5df30f79e73e220bc5dea4986e51f0599

  • SSDEEP

    6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

Targets

    • Target

      1518458fa7b2c49ad43b55954192de51_JaffaCakes118

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext
