isrstealer | 6930565571319c8692dca27ee5b1747d6fb891dd14ec8c01a1c5cc068aaa6220 | Triage

Submit
Reports

Overview

overview

Static

static

3

563ccd2ff2...18.exe

windows7-x64

563ccd2ff2...18.exe

windows10-2004-x64

Sharing

General

Target

563ccd2ff2ab1fe69c12e4606dcf1b6a_JaffaCakes118
Size

422KB
Sample

240718-fpclvazblc
MD5

563ccd2ff2ab1fe69c12e4606dcf1b6a
SHA1

d15eba60941acd02fc457336f1f23f87bb4494ff
SHA256

6930565571319c8692dca27ee5b1747d6fb891dd14ec8c01a1c5cc068aaa6220
SHA512

0107a5e132ce10d96228dfbade60726000141e51debc016292fae298ce5ebdfbc44890c5b21cd9c601fee71a895caca4f14ef4698f39e869d48851e961186e2d
SSDEEP

12288:gxHGypkpBqjrXKSybKdnDuUfctvDNOv+129H:gxdplhnqUSDt129

Score

10^/10

isrstealer stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

563ccd2ff2ab1fe69c12e4606dcf1b6a_JaffaCakes118.exe

Resource

win7-20240705-en

isrstealer stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

563ccd2ff2ab1fe69c12e4606dcf1b6a_JaffaCakes118.exe

Resource

win10v2004-20240709-en

isrstealer stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  563ccd2ff2ab1fe69c12e4606dcf1b6a_JaffaCakes118
- Size
  
  422KB
- MD5
  
  563ccd2ff2ab1fe69c12e4606dcf1b6a
- SHA1
  
  d15eba60941acd02fc457336f1f23f87bb4494ff
- SHA256
  
  6930565571319c8692dca27ee5b1747d6fb891dd14ec8c01a1c5cc068aaa6220
- SHA512
  
  0107a5e132ce10d96228dfbade60726000141e51debc016292fae298ce5ebdfbc44890c5b21cd9c601fee71a895caca4f14ef4698f39e869d48851e961186e2d
- SSDEEP
  
  12288:gxHGypkpBqjrXKSybKdnDuUfctvDNOv+129H:gxdplhnqUSDt129
Score

10^/10

isrstealer stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojan

behavioral2

isrstealerstealertrojan

© 2018-2024

Terms | Privacy