isrstealer | cf9c0a6ab39988bae7ef8605aa854f63d5c61f55367d5cc382e4c28c4b6ad095 | Triage

Sharing

General

Target

763c44d707064859ff43277d050f4f22_JaffaCakes118
Size

26KB
Sample

240726-3qnf3asdln
MD5

763c44d707064859ff43277d050f4f22
SHA1

e52ce08937242f73b6f499317337ac32e2bb612b
SHA256

cf9c0a6ab39988bae7ef8605aa854f63d5c61f55367d5cc382e4c28c4b6ad095
SHA512

89c98bf78e6d831d2991716b236d507004955db686df641cf77f0b9f1e463ef234a03682095e2b380b53a81ff5e3a930925b686d1c7a5abb09a0dac51c323ffd
SSDEEP

768:WzFWWSwMop2uMqPGSq9m7ctdrH/oE3L2X7CwqQV21RC+eT4txgS:WhWlRop2FF7ffLGFqI3OtxgS

Score

10^/10

isrstealer discovery spyware stealer

Malware Config

Targets

- Target
  
  EJ.Technologies.Exe4j.v4.1.1.Incl.Keygen-FALLEN.exe
- Size
  
  350KB
- MD5
  
  4b1ee35a02a9bff963c25c529ae73528
- SHA1
  
  b0aaa433d92cdc00db307dc2ec37d626935de4b1
- SHA256
  
  8d740e12b3a15091d74aa3e3c4e1221fbfe1fcfb43d49b2afece2a09a700b1b8
- SHA512
  
  41c8fecaee1c25552354e8b12e5f8ddae397063fa4d9507ceb4708b1988bd56ccfb952f17f01063357592f7fb13ad6b41a44904d1b8c7068191d9a8faa698d12
- SSDEEP
  
  1536:0z3HBexMQT+2umeWO2+FPx/lXYVAG8Zs7kfl/ig8OQ:ZxMQeXYVQsel/iwQ
Score

7^/10

discovery spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer