isrstealer | 1d03f8df088e33d558094c363d8e499557e7f96f3d31f699f776db61c29fb255 | Triage

Submit
Reports

Overview

overview

Static

static

3

49b4d87aef...18.exe

windows7-x64

49b4d87aef...18.exe

windows10-2004-x64

Sharing

General

Target

49b4d87aef4bb0a3f925860147b6bdc1_JaffaCakes118
Size

5.2MB
Sample

240715-n99q3szhqd
MD5

49b4d87aef4bb0a3f925860147b6bdc1
SHA1

857237fb27953167c1ec8ee01666a3920100ef02
SHA256

1d03f8df088e33d558094c363d8e499557e7f96f3d31f699f776db61c29fb255
SHA512

ffa4c7e4592b1434f389e229175cc88b9455a07507c80bf38e9f9ae1c8d9b9db40f1d184a4180e99607c8062693327ac445a67828e81bc96fe7503f93c6a70ad
SSDEEP

6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

Score

10^/10

isrstealer stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

49b4d87aef4bb0a3f925860147b6bdc1_JaffaCakes118.exe

Resource

win7-20240704-en

isrstealer stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

49b4d87aef4bb0a3f925860147b6bdc1_JaffaCakes118.exe

Resource

win10v2004-20240709-en

isrstealer stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  49b4d87aef4bb0a3f925860147b6bdc1_JaffaCakes118
- Size
  
  5.2MB
- MD5
  
  49b4d87aef4bb0a3f925860147b6bdc1
- SHA1
  
  857237fb27953167c1ec8ee01666a3920100ef02
- SHA256
  
  1d03f8df088e33d558094c363d8e499557e7f96f3d31f699f776db61c29fb255
- SHA512
  
  ffa4c7e4592b1434f389e229175cc88b9455a07507c80bf38e9f9ae1c8d9b9db40f1d184a4180e99607c8062693327ac445a67828e81bc96fe7503f93c6a70ad
- SSDEEP
  
  6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB
Score

10^/10

isrstealer stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojanupx

behavioral2

isrstealerstealertrojanupx

© 2018-2024

Terms | Privacy