isrstealer | 674b204d76fde06ea2af8d8f61a915229e685c505dadd045868624bb0a791811 | Triage

Submit
Reports

Overview

overview

Static

static

3

c9675564c4...18.exe

windows7-x64

c9675564c4...18.exe

windows10-2004-x64

Sharing

General

Target

c9675564c4208ac7865611eff2e48f11_JaffaCakes118
Size

2.2MB
Sample

240829-xc7pwswakh
MD5

c9675564c4208ac7865611eff2e48f11
SHA1

2f9b16299dc1fdd4751915361a4cd6225267d99d
SHA256

674b204d76fde06ea2af8d8f61a915229e685c505dadd045868624bb0a791811
SHA512

e8a90d87f4ac7d583f1051b0761ef8e931ac4b42ed0f38a517ca304bc86cd9626a9ef3b4ace46e1506b9015937f4ad280111ffd9a9bbf7e08e196d5fed84fe86
SSDEEP

24576:hUzebIo7Q3DFuuL1LXEXkX1TzEVhdOPWtslFP+rZSba+fwZoQ+R:hfIoQ3DFuGLXEXkXFzEndJePQMr4Zov

Score

10^/10

isrstealer credential_access discovery persistence spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c9675564c4208ac7865611eff2e48f11_JaffaCakes118.exe

Resource

win7-20240704-en

isrstealer credential_access discovery persistence spyware stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9675564c4208ac7865611eff2e48f11_JaffaCakes118.exe

Resource

win10v2004-20240802-en

isrstealer credential_access discovery persistence spyware stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  c9675564c4208ac7865611eff2e48f11_JaffaCakes118
- Size
  
  2.2MB
- MD5
  
  c9675564c4208ac7865611eff2e48f11
- SHA1
  
  2f9b16299dc1fdd4751915361a4cd6225267d99d
- SHA256
  
  674b204d76fde06ea2af8d8f61a915229e685c505dadd045868624bb0a791811
- SHA512
  
  e8a90d87f4ac7d583f1051b0761ef8e931ac4b42ed0f38a517ca304bc86cd9626a9ef3b4ace46e1506b9015937f4ad280111ffd9a9bbf7e08e196d5fed84fe86
- SSDEEP
  
  24576:hUzebIo7Q3DFuuL1LXEXkX1TzEVhdOPWtslFP+rZSba+fwZoQ+R:hfIoQ3DFuGLXEXkXFzEndJePQMr4Zov
Score

10^/10

isrstealer credential_access discovery persistence spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercredential_accessdiscoverypersistencespywarestealertrojanupx

behavioral2

isrstealercredential_accessdiscoverypersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy