isrstealer | f7462dc49468eb6a06eec809d98fead60d64be1e7e5a9b784977d8a32424a6c2 | Triage

Submit
Reports

Overview

overview

Static

static

3

93e550a36d...18.exe

windows7-x64

93e550a36d...18.exe

windows10-2004-x64

Sharing

General

Target

93e550a36dddf06a840abfa57fc0900a_JaffaCakes118
Size

232KB
Sample

240813-t6ysasvbrf
MD5

93e550a36dddf06a840abfa57fc0900a
SHA1

af58d5dce7bfe931c2b27de917cbf62af1153feb
SHA256

f7462dc49468eb6a06eec809d98fead60d64be1e7e5a9b784977d8a32424a6c2
SHA512

7a793039ed18f90f333d34137cab26b8d7feec40d1cc99c43d8dc864ea0a9fcec2784baddb4fa33f323f474e8743746625fdf021f329032ac509a342ac43d383
SSDEEP

3072:jd2QQU0AaP/NfFH98Woe/UcVKbn/GPHvLjfuot2K7pINPFzYJ+DBad:J2QQU0AeVFH9SsUwKK/GSpyTad

Score

10^/10

isrstealer bootkit discovery persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

93e550a36dddf06a840abfa57fc0900a_JaffaCakes118.exe

Resource

win7-20240704-en

isrstealer bootkit discovery persistence spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

93e550a36dddf06a840abfa57fc0900a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

isrstealer bootkit discovery persistence spyware stealer trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  93e550a36dddf06a840abfa57fc0900a_JaffaCakes118
- Size
  
  232KB
- MD5
  
  93e550a36dddf06a840abfa57fc0900a
- SHA1
  
  af58d5dce7bfe931c2b27de917cbf62af1153feb
- SHA256
  
  f7462dc49468eb6a06eec809d98fead60d64be1e7e5a9b784977d8a32424a6c2
- SHA512
  
  7a793039ed18f90f333d34137cab26b8d7feec40d1cc99c43d8dc864ea0a9fcec2784baddb4fa33f323f474e8743746625fdf021f329032ac509a342ac43d383
- SSDEEP
  
  3072:jd2QQU0AaP/NfFH98Woe/UcVKbn/GPHvLjfuot2K7pINPFzYJ+DBad:J2QQU0AeVFH9SsUwKK/GSpyTad
Score

10^/10

isrstealer bootkit discovery persistence spyware stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerbootkitdiscoverypersistencespywarestealertrojan

behavioral2

isrstealerbootkitdiscoverypersistencespywarestealertrojan

© 2018-2025

Terms | Privacy