General
-
Target
7877f3e6600f444c0417d978202ec7cc_JaffaCakes118
-
Size
5.1MB
-
Sample
240727-rpgfkstbpm
-
MD5
7877f3e6600f444c0417d978202ec7cc
-
SHA1
2ff29345706a99c08fbfdc4f38283c6b228458af
-
SHA256
ff8f9f39b2d488ecb6effefdab88ff8e900f419c92a799dcd38ee7a9f0b67698
-
SHA512
8801f740d81302639ddc05705a7742c500cc9615109f1b5f71328d2b767f3aa269c0e893bb4998c2a02c2b7738e1af7bc9bff421cf3013c2bf4a32194ae6a7f1
-
SSDEEP
6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB
Static task
static1
Behavioral task
behavioral1
Sample
7877f3e6600f444c0417d978202ec7cc_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
7877f3e6600f444c0417d978202ec7cc_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
7877f3e6600f444c0417d978202ec7cc_JaffaCakes118
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to or copying of the web browser credential store.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-