isrstealer | 6bf8fa7d649b794a5d29ba022104117628948061fb6b7d07e2930ed8171be8b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

1f4e571f8d...18.exe

windows7-x64

1f4e571f8d...18.exe

windows10-2004-x64

Sharing

General

Target

1f4e571f8d420ff455efecde40a5e5c6_JaffaCakes118
Size

326KB
Sample

240702-phtq8a1hjd
MD5

1f4e571f8d420ff455efecde40a5e5c6
SHA1

e8838441fdd255089a0f509f4359c22d3e1efacb
SHA256

6bf8fa7d649b794a5d29ba022104117628948061fb6b7d07e2930ed8171be8b5
SHA512

c46e076d8ec33ed9544a6dac5486ca8309a953aec722ccb9ca102b88b8e0bf931e5d4e0f320ba761a17aefddaab5144cc85bae4db002ec08a450c2ccd8af2896
SSDEEP

6144:vtYldB7BsYf+Imq1v2BFRFl/kueRW/HP5XoOrQSMt6ZDNvc8L9DhqpwcLT1SQiik:ITBLmMv2BFR7+wHP9PE6ZC8L9D4pBTEx

Score

10^/10

isrstealer stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1f4e571f8d420ff455efecde40a5e5c6_JaffaCakes118.exe

Resource

win7-20240508-en

isrstealer stealer trojan upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

1f4e571f8d420ff455efecde40a5e5c6_JaffaCakes118.exe

Resource

win10v2004-20240611-en

isrstealer stealer trojan upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  1f4e571f8d420ff455efecde40a5e5c6_JaffaCakes118
- Size
  
  326KB
- MD5
  
  1f4e571f8d420ff455efecde40a5e5c6
- SHA1
  
  e8838441fdd255089a0f509f4359c22d3e1efacb
- SHA256
  
  6bf8fa7d649b794a5d29ba022104117628948061fb6b7d07e2930ed8171be8b5
- SHA512
  
  c46e076d8ec33ed9544a6dac5486ca8309a953aec722ccb9ca102b88b8e0bf931e5d4e0f320ba761a17aefddaab5144cc85bae4db002ec08a450c2ccd8af2896
- SSDEEP
  
  6144:vtYldB7BsYf+Imq1v2BFRFl/kueRW/HP5XoOrQSMt6ZDNvc8L9DhqpwcLT1SQiik:ITBLmMv2BFR7+wHP9PE6ZC8L9D4pBTEx
Score

10^/10

isrstealer stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojanupx

behavioral2

isrstealerstealertrojanupx

© 2018-2024

Terms | Privacy