isrstealer | d8ece9627b3f6ee7906b6dea24a52ecf0c6dbac3f5da250f653b9a418e464ef1 | Triage

Submit
Reports

Overview

overview

Static

static

3

8809858de6...18.exe

windows7-x64

8809858de6...18.exe

windows10-2004-x64

Sharing

General

Target

8809858de680c7a36e1bc0972c1847ef_JaffaCakes118
Size

1.1MB
Sample

240810-23v61axbrh
MD5

8809858de680c7a36e1bc0972c1847ef
SHA1

943cb9e9365bf92fa0ad9c06bc63caaa77815b05
SHA256

d8ece9627b3f6ee7906b6dea24a52ecf0c6dbac3f5da250f653b9a418e464ef1
SHA512

edaa89705d61ce71cbf114b8a92c46158d1ff0e31bd3ecb596b3ea3e2520bffcec4c8082d37fa765452486dc6988755c4724ffdba88ab4433443ae8c3cd3d2a7
SSDEEP

24576:icZKZGKzir+ldqvxmlvSFaGV4JmnLS229XPlIUrQIGPk8Puyp:i2KIgir+nqnMMCpXP5r5Gw4

Score

10^/10

isrstealer credential_access discovery spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8809858de680c7a36e1bc0972c1847ef_JaffaCakes118.exe

Resource

win7-20240704-en

isrstealer credential_access discovery spyware stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

8809858de680c7a36e1bc0972c1847ef_JaffaCakes118.exe

Resource

win10v2004-20240802-en

isrstealer credential_access discovery spyware stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8809858de680c7a36e1bc0972c1847ef_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  8809858de680c7a36e1bc0972c1847ef
- SHA1
  
  943cb9e9365bf92fa0ad9c06bc63caaa77815b05
- SHA256
  
  d8ece9627b3f6ee7906b6dea24a52ecf0c6dbac3f5da250f653b9a418e464ef1
- SHA512
  
  edaa89705d61ce71cbf114b8a92c46158d1ff0e31bd3ecb596b3ea3e2520bffcec4c8082d37fa765452486dc6988755c4724ffdba88ab4433443ae8c3cd3d2a7
- SSDEEP
  
  24576:icZKZGKzir+ldqvxmlvSFaGV4JmnLS229XPlIUrQIGPk8Puyp:i2KIgir+nqnMMCpXP5r5Gw4
Score

10^/10

isrstealer credential_access discovery spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercredential_accessdiscoveryspywarestealertrojanupx

behavioral2

isrstealercredential_accessdiscoveryspywarestealertrojanupx

© 2018-2024

Terms | Privacy