isrstealer | c970ead0023376ae7d13d55f16e7242b04efce55ddb923acece5ef254f2b3492 | Triage

Sharing

General

Target

222386d52df00ece988740b592c4d035_JaffaCakes118
Size

225KB
Sample

240703-m6kgcatcpp
MD5

222386d52df00ece988740b592c4d035
SHA1

3f54f12c9d0c5cbdee07d44638845224bd0ba80a
SHA256

c970ead0023376ae7d13d55f16e7242b04efce55ddb923acece5ef254f2b3492
SHA512

ab28b3af691b7f716669159d11d0eeaeeba58effa605901023ae860cbd64ad06dff77691d0450debe8b4b08d85f6a10c84730b929b6c7c1d085acb38582bc887
SSDEEP

6144:KlaAyIAWVT/c770ecOaCKWHVBwF8I8cUHI+3XIfwPG:KASTVbc770C/KWAFT8c0HOw

Score

10^/10

isrstealer persistence stealer trojan

Malware Config

Targets

- Target
  
  222386d52df00ece988740b592c4d035_JaffaCakes118
- Size
  
  225KB
- MD5
  
  222386d52df00ece988740b592c4d035
- SHA1
  
  3f54f12c9d0c5cbdee07d44638845224bd0ba80a
- SHA256
  
  c970ead0023376ae7d13d55f16e7242b04efce55ddb923acece5ef254f2b3492
- SHA512
  
  ab28b3af691b7f716669159d11d0eeaeeba58effa605901023ae860cbd64ad06dff77691d0450debe8b4b08d85f6a10c84730b929b6c7c1d085acb38582bc887
- SSDEEP
  
  6144:KlaAyIAWVT/c770ecOaCKWHVBwF8I8cUHI+3XIfwPG:KASTVbc770C/KWAFT8c0HOw
Score

10^/10

isrstealer persistence stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerpersistencestealertrojan

behavioral2

isrstealerpersistencestealertrojan