isrstealer | af9af43594a39f022a8b8b54c46dcd368982b2147b603f97034c25d0945dfbb9

General

Target

2603a878062e895071741970fb915e04_JaffaCakes118
Size

176KB
Sample

240704-ycsreaxfje
MD5

2603a878062e895071741970fb915e04
SHA1

3cbe752a21d0d549518bee4873dd2576709379c5
SHA256

af9af43594a39f022a8b8b54c46dcd368982b2147b603f97034c25d0945dfbb9
SHA512

337f4b07fe686fe1d42db1815aa85c3ffa9181a517ae9064bf3022273d3e8d76ace10ea24f2d4211f8ebcbfd557f1e144190b6f7ef08cc817db3103afc3f4ad1
SSDEEP

3072:Xbx0E6o1HZ/aV/sX+lwHG8MFwDp4T+QYsj4T1LI37ANaxo+7B:XIYM3w05Icr9C+7

Score

10^/10

Malware Config

Targets

- Target
  
  2603a878062e895071741970fb915e04_JaffaCakes118
- Size
  
  176KB
- MD5
  
  2603a878062e895071741970fb915e04
- SHA1
  
  3cbe752a21d0d549518bee4873dd2576709379c5
- SHA256
  
  af9af43594a39f022a8b8b54c46dcd368982b2147b603f97034c25d0945dfbb9
- SHA512
  
  337f4b07fe686fe1d42db1815aa85c3ffa9181a517ae9064bf3022273d3e8d76ace10ea24f2d4211f8ebcbfd557f1e144190b6f7ef08cc817db3103afc3f4ad1
- SSDEEP
  
  3072:Xbx0E6o1HZ/aV/sX+lwHG8MFwDp4T+QYsj4T1LI37ANaxo+7B:XIYM3w05Icr9C+7
Score

10^/10

isrstealer spyware stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

Executes dropped EXE

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2