isrstealer | 93f2e07cc7722a22a158b71a0cc2a456f4fbdca5cfd67fa8e905e066522216f3 | Triage

Submit
Reports

Overview

overview

Static

static

3

bc900ec165...18.exe

windows7-x64

bc900ec165...18.exe

windows10-2004-x64

Sharing

General

Target

bc900ec165c7974d6b8a35003e8b469f_JaffaCakes118
Size

248KB
Sample

240823-vfqjnswfke
MD5

bc900ec165c7974d6b8a35003e8b469f
SHA1

2455fca46873fddc8e776278d931e4f86bea326d
SHA256

93f2e07cc7722a22a158b71a0cc2a456f4fbdca5cfd67fa8e905e066522216f3
SHA512

d8ecb449ce2e6489f345a29fdf9a8ab2d16fa5407310195f8e8dbf6590c0160417a054cc6e908badb0ade9c50cde33a503ffeb06121d12a83011b7fd0444d060
SSDEEP

3072:hm+JmSCT1QEMQkrp8RCODSS2olEPKeMFxdK0NHhwCxzL5PKATEt1l8Hw3bImQQEj:8+6T6EMjpQDL20EP1MvwCIOH

Score

10^/10

isrstealer discovery stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bc900ec165c7974d6b8a35003e8b469f_JaffaCakes118.exe

Resource

win7-20240729-en

isrstealer discovery stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

bc900ec165c7974d6b8a35003e8b469f_JaffaCakes118.exe

Resource

win10v2004-20240802-en

isrstealer discovery stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc900ec165c7974d6b8a35003e8b469f_JaffaCakes118
- Size
  
  248KB
- MD5
  
  bc900ec165c7974d6b8a35003e8b469f
- SHA1
  
  2455fca46873fddc8e776278d931e4f86bea326d
- SHA256
  
  93f2e07cc7722a22a158b71a0cc2a456f4fbdca5cfd67fa8e905e066522216f3
- SHA512
  
  d8ecb449ce2e6489f345a29fdf9a8ab2d16fa5407310195f8e8dbf6590c0160417a054cc6e908badb0ade9c50cde33a503ffeb06121d12a83011b7fd0444d060
- SSDEEP
  
  3072:hm+JmSCT1QEMQkrp8RCODSS2olEPKeMFxdK0NHhwCxzL5PKATEt1l8Hw3bImQQEj:8+6T6EMjpQDL20EP1MvwCIOH
Score

10^/10

isrstealer discovery stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerdiscoverystealertrojan

behavioral2

isrstealerdiscoverystealertrojan

© 2018-2025

Terms | Privacy