isrstealer | 1ce6a38b35f833c24a30a8fcbf107c781dc47a27990b3c1fdc04c420c3b88b7d | Triage

Submit
Reports

Overview

overview

Static

static

3

82800ea690...18.exe

windows7-x64

82800ea690...18.exe

windows10-2004-x64

Sharing

General

Target

82800ea690f33cb08cee91bc93c125ed_JaffaCakes118
Size

215KB
Sample

240802-bse4xssbkh
MD5

82800ea690f33cb08cee91bc93c125ed
SHA1

2cfe0745860a3d4ab3ceb3294dc65f6109067c90
SHA256

1ce6a38b35f833c24a30a8fcbf107c781dc47a27990b3c1fdc04c420c3b88b7d
SHA512

3f92df78c2b89b7c87945a55e375b178cbe790fb245c47544008341ffb37fb90187d85ceb1c6f7d4b351ed1908fb7f1867b8c7d90310503c36bf2144291bdf23
SSDEEP

1536:o2+QgZRa6s1ibsjLuMtzxRX4x6+ngPBpECejwQ/q2kViOHyayHh635x9BxSGvRua:oq28pYh+MXaX+q6u

Score

10^/10

isrstealer discovery persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

82800ea690f33cb08cee91bc93c125ed_JaffaCakes118.exe

Resource

win7-20240729-en

isrstealer discovery persistence stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

82800ea690f33cb08cee91bc93c125ed_JaffaCakes118.exe

Resource

win10v2004-20240730-en

isrstealer discovery persistence stealer trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  82800ea690f33cb08cee91bc93c125ed_JaffaCakes118
- Size
  
  215KB
- MD5
  
  82800ea690f33cb08cee91bc93c125ed
- SHA1
  
  2cfe0745860a3d4ab3ceb3294dc65f6109067c90
- SHA256
  
  1ce6a38b35f833c24a30a8fcbf107c781dc47a27990b3c1fdc04c420c3b88b7d
- SHA512
  
  3f92df78c2b89b7c87945a55e375b178cbe790fb245c47544008341ffb37fb90187d85ceb1c6f7d4b351ed1908fb7f1867b8c7d90310503c36bf2144291bdf23
- SSDEEP
  
  1536:o2+QgZRa6s1ibsjLuMtzxRX4x6+ngPBpECejwQ/q2kViOHyayHh635x9BxSGvRua:oq28pYh+MXaX+q6u
Score

10^/10

isrstealer discovery persistence stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerdiscoverypersistencestealertrojan

behavioral2

isrstealerdiscoverypersistencestealertrojan

© 2018-2024

Terms | Privacy