General

  • Target

    b875f433838b5d7f6c841f738e689dcf_JaffaCakes118

  • Size

    4.3MB

  • Sample

    240822-vvsbtaydjb

  • MD5

    b875f433838b5d7f6c841f738e689dcf

  • SHA1

    5ed4202372264c08cdb808f6f0d4d1a28515f4f0

  • SHA256

    4c02165fb1a4c0871ef4ae7d77b89ea7b5d78d1b595da6652c43d4d2415201e9

  • SHA512

    77629e35cdddfd74e6df6f7777ad54e6621e5d3dab9e22cced56da40000e40b88fbf3b252286eee2430861c2a15a3032b517098eb5674d266c32e3395b71cfab

  • SSDEEP

    6144:7/m9kF4LhB959Ak24Fa8yVRasuSuvfQ1dskAsaJraBCDorAB:bfFWB9bpFatVMPfgsVpraB

Malware Config

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks