isrstealer | ec10f4e43d71e5d52862f7d11af464316b4301254f62fedfba385a097923ffa4 | Triage

Submit
Reports

Overview

overview

Static

static

3

4ece9e1e72...18.exe

windows7-x64

4ece9e1e72...18.exe

windows10-2004-x64

Sharing

General

Target

4ece9e1e721cd7dc5a270b3cf7d1f083_JaffaCakes118
Size

696KB
Sample

240716-r72t8s1ape
MD5

4ece9e1e721cd7dc5a270b3cf7d1f083
SHA1

a863b9cb0531deee7e356f2534a39723b5ee929b
SHA256

ec10f4e43d71e5d52862f7d11af464316b4301254f62fedfba385a097923ffa4
SHA512

8560755a71bb652cad90839b85d5f6f8d63984b1e5e8a887ec55d38a206451fb6c639aafd6cc4f904b776081b9c940800c3100125dbfcdd65c7e1fda4d3c14be
SSDEEP

12288:3m1+jgi2aZFMZj7Kexe2f27HjUtbnbKEFsB61a9tNMbFynKNJDzGGpZJD:yxqZaZjWy2Utbusd1a9tObFynKHGG1

Score

10^/10

isrstealer bootkit persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ece9e1e721cd7dc5a270b3cf7d1f083_JaffaCakes118.exe

Resource

win7-20240704-en

isrstealer bootkit persistence stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ece9e1e721cd7dc5a270b3cf7d1f083_JaffaCakes118.exe

Resource

win10v2004-20240709-en

isrstealer stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  4ece9e1e721cd7dc5a270b3cf7d1f083_JaffaCakes118
- Size
  
  696KB
- MD5
  
  4ece9e1e721cd7dc5a270b3cf7d1f083
- SHA1
  
  a863b9cb0531deee7e356f2534a39723b5ee929b
- SHA256
  
  ec10f4e43d71e5d52862f7d11af464316b4301254f62fedfba385a097923ffa4
- SHA512
  
  8560755a71bb652cad90839b85d5f6f8d63984b1e5e8a887ec55d38a206451fb6c639aafd6cc4f904b776081b9c940800c3100125dbfcdd65c7e1fda4d3c14be
- SSDEEP
  
  12288:3m1+jgi2aZFMZj7Kexe2f27HjUtbnbKEFsB61a9tNMbFynKNJDzGGpZJD:yxqZaZjWy2Utbusd1a9tObFynKHGG1
Score

10^/10

isrstealer bootkit persistence stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerbootkitpersistencestealertrojan

behavioral2

isrstealerstealertrojan

© 2018-2024

Terms | Privacy