General
-
Target
16d143711c1d631e3034c279d6a5cb88_JaffaCakes118
-
Size
280KB
-
Sample
240627-vqfr8a1drd
-
MD5
16d143711c1d631e3034c279d6a5cb88
-
SHA1
fb931528d88d8e4107c5bdda1125c00a341d5656
-
SHA256
0359fe210e864779b977a9b12ad000fa0cbaa97ea4c8e12af197ba0a30303b58
-
SHA512
1824afc66ab91756d995a39acb32a8392cc59b79968fa897a750046f16141afe31014ee5a26d446659ae5ae64a67728121b18eb6b7e904ae94ddd19cc3aaf088
-
SSDEEP
6144:Mi1TzaLuFWa1lW6QNT1gC3B7n/4K51z2abHL/nDOYNHUbUQcDKbtavfw8a:t1TzaLulqgC3B7N50abHL/nDOYljQrbh
Malware Config
Targets
-
-
Target
16d143711c1d631e3034c279d6a5cb88_JaffaCakes118
-
Size
280KB
-
MD5
16d143711c1d631e3034c279d6a5cb88
-
SHA1
fb931528d88d8e4107c5bdda1125c00a341d5656
-
SHA256
0359fe210e864779b977a9b12ad000fa0cbaa97ea4c8e12af197ba0a30303b58
-
SHA512
1824afc66ab91756d995a39acb32a8392cc59b79968fa897a750046f16141afe31014ee5a26d446659ae5ae64a67728121b18eb6b7e904ae94ddd19cc3aaf088
-
SSDEEP
6144:Mi1TzaLuFWa1lW6QNT1gC3B7n/4K51z2abHL/nDOYNHUbUQcDKbtavfw8a:t1TzaLulqgC3B7N50abHL/nDOYljQrbh
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Modifies security service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1