General

  • Target

    4dde8137d66301741d8033939cd6e392_JaffaCakes118

  • Size

    232KB

  • Sample

    240716-l9vk2sxekr

  • MD5

    4dde8137d66301741d8033939cd6e392

  • SHA1

    c38a250eb78c36f42a1a4cff587cf18e11f40925

  • SHA256

    55a366b624cd2eba7cdae14fe85125c5f8202577acb2f32c975c15809f803d59

  • SHA512

    3fbce495817c86f5ab42d5238df61a03e25a2ae0e97e8bb8e37fd2a64a0536090e7fb1ef37b0de4914e51af8f445a3b5a4fbf015811c4f2fa427e0c1269011a9

  • SSDEEP

    3072:7/gYMyMWhgRuRxiIQj2AUhAqIgnDPvsa7F/ejhO6bwpoSIDo:7tMzRu6IQ/Uhp5Pvsapedgq

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic. It harvests saved credentials from applications such as FTP clients and web browsers, which is what the behaviours listed below reflect.

    • ISR Stealer payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla. These files hold saved site logins in a recoverable form (FileZilla stores the password base64-encoded, older releases as plain text), so reading them is enough to harvest the credentials.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved logins, cookies, session tokens and autofill entries.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system. A credential stealer has no obvious need to modify the boot sector, so confirm this signature before treating the sample as a bootkit: check the raw-disk access events for a handle to the physical drive opened with write access and a write to sector 0, and compare the first 512 bytes of the post-run disk image with a known-good baseline.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Malware calls it on a process created in the suspended state to point execution at code it has written into that process (process hollowing / RunPE), a common way to run an unpacked payload inside a legitimate host process.
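
What the FTP-client behaviour above actually yields is easy to see by parsing the file in question. The following is an added example, not code from this page or from the sandbox: it reads a FileZilla sitemanager.xml (the configuration file under %APPDATA%\FileZilla that the "Reads data files stored by FTP clients" signature refers to) and recovers the stored site credentials, which is exactly what a stealer obtains. The XML document is constructed for the example in the layout FileZilla uses; the base64 password encoding is FileZilla's own, and older releases stored the password element as plain text, which the parser also handles.

```python
import base64
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the layout of %APPDATA%\FileZilla\sitemanager.xml.
# This is example data, not content from the sandbox run. Parse real files with
# defusedxml if they come from an untrusted source.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.66.1" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.net</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>alice</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Logontype>1</Logontype>
      <Name>prod-ftp</Name>
    </Server>
    <Server>
      <Host>sftp.example.org</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>bob</User>
      <Pass>plaintext-legacy</Pass>
      <Logontype>1</Logontype>
      <Name>legacy-box</Name>
    </Server>
    <Server>
      <Host>ftp.mirror.example</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>anonymous</User>
      <Logontype>0</Logontype>
      <Name>public-mirror</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


@dataclass
class FtpCredential:
    name: str
    host: str
    port: int
    user: str
    password: Optional[str]  # None when nothing is stored (e.g. anonymous logon)


def _decode_pass(pass_el) -> Optional[str]:
    """FileZilla marks base64-obfuscated passwords with encoding="base64";
    older releases wrote the password as plain text with no attribute."""
    if pass_el is None or pass_el.text is None:
        return None
    if pass_el.get("encoding") == "base64":
        return base64.b64decode(pass_el.text).decode("utf-8", "replace")
    return pass_el.text


def extract_filezilla_credentials(xml_text: str) -> List[FtpCredential]:
    """Return every saved site login from a sitemanager.xml (or recentservers.xml,
    which uses the same <Server> layout)."""
    root = ET.fromstring(xml_text)
    creds = []
    for server in root.iter("Server"):
        creds.append(FtpCredential(
            name=server.findtext("Name", default=""),
            host=server.findtext("Host", default=""),
            port=int(server.findtext("Port", default="21")),
            user=server.findtext("User", default=""),
            password=_decode_pass(server.find("Pass")),
        ))
    return creds


if __name__ == "__main__":
    for c in extract_filezilla_credentials(SAMPLE_SITEMANAGER):
        print(f"{c.name}: {c.user}@{c.host}:{c.port} password={c.password!r}")
```

On a host where this sample ran, the output of this parser over the real sitemanager.xml and recentservers.xml is the list of FTP/SFTP logins to treat as compromised and rotate; the encoding only obscures the password, it does not protect it.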

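
The four behaviour signatures above (FTP-client config reads, browser profile reads, the MBR write, and the SetThreadContext sequence) can each be expressed as a rule over an API-call trace. The following is an added example, not the sandbox's own detection code: it parses a small API trace and flags those four behaviours. The trace lines are constructed for the example in an invented "pid api(args) => ret" format, so a real sandbox export (JSON events and the like) needs its own parser, but the matching logic is the same. The process-hollowing rule is the general sequence CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread on the same child; the MBR rule requires a physical-drive handle opened for write followed by a 512-byte write at offset 0, which is the confirmation step the MBR caveat above asks for.

```python
import re

# Constructed API trace, one call per line: "<pid> <api>(<args>) => <ret>".
# Example data in an invented format, not output from the sandbox run. In this
# toy trace the child pid is reused as the process/thread handle value.
TRACE = r"""
1234 CreateProcessW(lpApplicationName="C:\Windows\System32\svchost.exe", dwCreationFlags=0x4) => pid=4321
1234 NtUnmapViewOfSection(ProcessHandle=4321, BaseAddress=0x400000) => 0
1234 WriteProcessMemory(hProcess=4321, lpBaseAddress=0x400000, nSize=0x2e000) => 1
1234 SetThreadContext(hThread=4321, Eip=0x41a2f0) => 1
1234 ResumeThread(hThread=4321) => 0
4321 CreateFileW(lpFileName="C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml", dwDesiredAccess=GENERIC_READ) => 0x1c4
4321 CreateFileW(lpFileName="C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml", dwDesiredAccess=GENERIC_READ) => 0x1c8
4321 CreateFileW(lpFileName="C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", dwDesiredAccess=GENERIC_READ) => 0x1cc
4321 CreateFileW(lpFileName="\\.\PhysicalDrive0", dwDesiredAccess=GENERIC_READ|GENERIC_WRITE) => 0x1d0
4321 WriteFile(hFile=0x1d0, nNumberOfBytesToWrite=512, offset=0) => 1
"""

LINE_RE = re.compile(r"^(\d+) (\w+)\((.*)\) => (.*)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^,]+)')

CREATE_SUSPENDED = 0x4
HOLLOW_SEQ = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
FTP_CLIENT_FILES = re.compile(r"\\(FileZilla\\(sitemanager|recentservers)\.xml|WinSCP\.ini)$", re.I)
BROWSER_FILES = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
RAW_DISK = re.compile(r"^\\\\\.\\PhysicalDrive\d+$", re.I)


def parse_trace(text):
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, api, argstr, ret = m.groups()
        args = {k: v.strip('"') for k, v in ARG_RE.findall(argstr)}
        events.append({"pid": int(pid), "api": api, "args": args, "ret": ret})
    return events


def detect_process_hollowing(events):
    """Suspended child + WriteProcessMemory + SetThreadContext + ResumeThread, in order."""
    pending, hits = {}, []
    for e in events:
        a = e["args"]
        if e["api"].startswith("CreateProcess"):
            flags = int(a.get("dwCreationFlags", "0"), 16)
            if flags & CREATE_SUSPENDED and e["ret"].startswith("pid="):
                child = int(e["ret"].partition("=")[2])
                pending[child] = {"parent": e["pid"], "image": a.get("lpApplicationName", ""), "step": 0}
            continue
        target = a.get("hProcess") or a.get("hThread")
        if target is None or not target.isdigit() or int(target) not in pending:
            continue
        st = pending[int(target)]
        if e["api"] == HOLLOW_SEQ[st["step"]]:
            st["step"] += 1
            if st["step"] == len(HOLLOW_SEQ):
                hits.append((st["parent"], int(target), st["image"]))
                del pending[int(target)]
    return hits


def detect_file_reads(events, pattern):
    """Paths opened with CreateFile* that match a known credential-store pattern."""
    return sorted({e["args"].get("lpFileName", "") for e in events
                   if e["api"].startswith("CreateFile") and pattern.search(e["args"].get("lpFileName", ""))})


def detect_mbr_write(events):
    """Physical-drive handle opened for write, then a 512-byte write at offset 0."""
    write_handles = {e["ret"] for e in events
                     if e["api"].startswith("CreateFile")
                     and RAW_DISK.match(e["args"].get("lpFileName", ""))
                     and "WRITE" in e["args"].get("dwDesiredAccess", "")}
    return [e for e in events if e["api"] == "WriteFile"
            and e["args"].get("hFile") in write_handles
            and e["args"].get("offset") == "0"
            and e["args"].get("nNumberOfBytesToWrite") == "512"]


def triage(text):
    ev = parse_trace(text)
    return {
        "Reads data files stored by FTP clients": detect_file_reads(ev, FTP_CLIENT_FILES),
        "Reads user/profile data of web browsers": detect_file_reads(ev, BROWSER_FILES),
        "Writes to the Master Boot Record (MBR)": detect_mbr_write(ev),
        "Suspicious use of SetThreadContext": detect_process_hollowing(ev),
    }


if __name__ == "__main__":
    for name, findings in triage(TRACE).items():
        print(f"[{'HIT' if findings else '   '}] {name}: {findings}")
```

The MBR rule deliberately needs both the write-capable handle and the sector-0 write; a sandbox signature that fires on the handle alone will also flag tools that merely read the partition table, which is the reason for verifying this signature before calling the sample a bootkit.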