isrstealer | 1641c4fdceed245cae1d54d5818a3762dc33e12e37390ef6eb9fea784d7478be | Triage

Submit
Reports

Overview

overview

Static

static

3

2d8c1ee5a6...18.exe

windows7-x64

2d8c1ee5a6...18.exe

windows10-2004-x64

Sharing

General

Target

2d8c1ee5a68ea7a0f99f922fb77f324b_JaffaCakes118
Size

4.1MB
Sample

240708-x6fs9svdpl
MD5

2d8c1ee5a68ea7a0f99f922fb77f324b
SHA1

175ceba8955b52395459686277aa2b518cbfb6ed
SHA256

1641c4fdceed245cae1d54d5818a3762dc33e12e37390ef6eb9fea784d7478be
SHA512

d64d00baf228ac067c9f26d3da3a916a51c38e052d8afeac38b037d9740608e4a1a885cb19cb2bc42dd7c10e62f1631e7f773c3dd5a28e25387d0297b5943135
SSDEEP

6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

Score

10^/10

isrstealer stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2d8c1ee5a68ea7a0f99f922fb77f324b_JaffaCakes118.exe

Resource

win7-20240704-en

isrstealer stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2d8c1ee5a68ea7a0f99f922fb77f324b_JaffaCakes118.exe

Resource

win10v2004-20240704-en

isrstealer stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2d8c1ee5a68ea7a0f99f922fb77f324b_JaffaCakes118
- Size
  
  4.1MB
- MD5
  
  2d8c1ee5a68ea7a0f99f922fb77f324b
- SHA1
  
  175ceba8955b52395459686277aa2b518cbfb6ed
- SHA256
  
  1641c4fdceed245cae1d54d5818a3762dc33e12e37390ef6eb9fea784d7478be
- SHA512
  
  d64d00baf228ac067c9f26d3da3a916a51c38e052d8afeac38b037d9740608e4a1a885cb19cb2bc42dd7c10e62f1631e7f773c3dd5a28e25387d0297b5943135
- SSDEEP
  
  6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB
Score

10^/10

isrstealer stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojanupx

behavioral2

isrstealerstealertrojanupx

© 2018-2025

Terms | Privacy