Overview

overview

10

Static

static

7

4265cf1109...18.exe

windows7-x64

10

4265cf1109...18.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4265cf110991da4924fb72793a9a357e_JaffaCakes118

  • Size

    744KB

  • Sample

    240713-tk9bxazcpc

  • MD5

    4265cf110991da4924fb72793a9a357e

  • SHA1

    01d8c25d18080dd78c7d89894e6b7e7443ed9239

  • SHA256

    7a703a5b46e1db15dec5d2c2ebb391ee3742c216535d8b8ad5ed008f9cc42bd2

  • SHA512

    5a5694cbb9e2355a1008d2ff1e12915d61497db0a20c6feb41703532cd3ceb762f4eeb48b2123c371498d8ee62bdd2d76e6ce3f374be694bac5151568a0edd11

  • SSDEEP

    12288:lD2JU7/h7l+wH09eaUf04v+9+TZl1aaXshOJasVS8b9PcEuXJZdf1mchn4jw7fV4:lD/+WoxD4vSAZnasoWqECJZB1mXkbV

Score
10/10
isrstealerevasionspywarestealerthemidatrojan

Malware Config

Targets

    • Target

      4265cf110991da4924fb72793a9a357e_JaffaCakes118

    • Size

      744KB

    • MD5

      4265cf110991da4924fb72793a9a357e

    • SHA1

      01d8c25d18080dd78c7d89894e6b7e7443ed9239

    • SHA256

      7a703a5b46e1db15dec5d2c2ebb391ee3742c216535d8b8ad5ed008f9cc42bd2

    • SHA512

      5a5694cbb9e2355a1008d2ff1e12915d61497db0a20c6feb41703532cd3ceb762f4eeb48b2123c371498d8ee62bdd2d76e6ce3f374be694bac5151568a0edd11

    • SSDEEP

      12288:lD2JU7/h7l+wH09eaUf04v+9+TZl1aaXshOJasVS8b9PcEuXJZdf1mchn4jw7fV4:lD/+WoxD4vSAZnasoWqECJZB1mXkbV

    Score
    10/10
    isrstealerevasionspywarestealerthemidatrojan

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in visual basic.

      trojanstealerisrstealer

    • ISR Stealer payload

    • Detected Nirsoft tools

      Free utilities often used by attackers which can steal passwords, product keys, etc.

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks