isrstealer | 4fb5b0e71bcc81aba81d9f146da8bf94a2ce19c742a16cfd7570c423b56abbbe | Triage

Submit
Reports

Overview

overview

Static

static

3

169a02aca1...18.exe

windows7-x64

169a02aca1...18.exe

windows10-2004-x64

Sharing

General

Target

169a02aca18a5f1bd5ab80218b894058_JaffaCakes118
Size

784KB
Sample

240627-tcjraaydnc
MD5

169a02aca18a5f1bd5ab80218b894058
SHA1

12283dfb978b283c80008d099084f0276bbc8185
SHA256

4fb5b0e71bcc81aba81d9f146da8bf94a2ce19c742a16cfd7570c423b56abbbe
SHA512

412a0158b5b2e0fb03e69bbe457703fa50403b56d03392a7d16f0f6f3bf163e1325e67bf095c51ddcf2348d069b30b44940b8cb321a36269362cc151a6d1b69f
SSDEEP

12288:W6kFwFcxhV4hG6rrxGiWFP98apHuOf+MfL2rqNInYBt3S9/AyejK5IhAn:7kF8cxD4o6rxGiWRHtu2C+YylVjHhAn

Score

10^/10

isrstealer bootkit persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

169a02aca18a5f1bd5ab80218b894058_JaffaCakes118.exe

Resource

win7-20240221-en

isrstealer bootkit persistence spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

169a02aca18a5f1bd5ab80218b894058_JaffaCakes118.exe

Resource

win10v2004-20240226-en

isrstealer bootkit persistence spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  169a02aca18a5f1bd5ab80218b894058_JaffaCakes118
- Size
  
  784KB
- MD5
  
  169a02aca18a5f1bd5ab80218b894058
- SHA1
  
  12283dfb978b283c80008d099084f0276bbc8185
- SHA256
  
  4fb5b0e71bcc81aba81d9f146da8bf94a2ce19c742a16cfd7570c423b56abbbe
- SHA512
  
  412a0158b5b2e0fb03e69bbe457703fa50403b56d03392a7d16f0f6f3bf163e1325e67bf095c51ddcf2348d069b30b44940b8cb321a36269362cc151a6d1b69f
- SSDEEP
  
  12288:W6kFwFcxhV4hG6rrxGiWFP98apHuOf+MfL2rqNInYBt3S9/AyejK5IhAn:7kF8cxD4o6rxGiWRHtu2C+YylVjHhAn
Score

10^/10

isrstealer bootkit persistence spyware stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerbootkitpersistencespywarestealertrojan

behavioral2

isrstealerbootkitpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy