isrstealer | b1e37d19ea5557b754aacbde1d5576dfb19b066046e8985a12175ff01b5b815c | Triage

Submit
Reports

Overview

overview

Static

static

3

14e8932dde...18.exe

windows7-x64

14e8932dde...18.exe

windows10-2004-x64

Sharing

General

Target

14e8932ddeef02f04fbee516520cd5a4_JaffaCakes118
Size

409KB
Sample

241004-zvpm5s1amb
MD5

14e8932ddeef02f04fbee516520cd5a4
SHA1

a6db70376e93e9c3f9817f93ec8de83d0f546118
SHA256

b1e37d19ea5557b754aacbde1d5576dfb19b066046e8985a12175ff01b5b815c
SHA512

944e9baddaec4e129847e3f7d7faa4c2b28e2d5d4af54a40bed699017a8809636b865fb7765e4f4d69d27d5b9aa391886daa427d1421d7729fb3a61add2a3e96
SSDEEP

6144:/CzvmyNV6J32nj3cb0TOJxijBIm8OC3/Q0eghkCDJLv7PlPcu2oEy4WXjYb4LDZT:abmqW2njU5J0jelY9gqkN7XI4LhEe

Score

10^/10

isrstealer discovery stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

14e8932ddeef02f04fbee516520cd5a4_JaffaCakes118.exe

Resource

win7-20240903-en

isrstealer discovery stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

14e8932ddeef02f04fbee516520cd5a4_JaffaCakes118.exe

Resource

win10v2004-20240802-en

isrstealer discovery stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  14e8932ddeef02f04fbee516520cd5a4_JaffaCakes118
- Size
  
  409KB
- MD5
  
  14e8932ddeef02f04fbee516520cd5a4
- SHA1
  
  a6db70376e93e9c3f9817f93ec8de83d0f546118
- SHA256
  
  b1e37d19ea5557b754aacbde1d5576dfb19b066046e8985a12175ff01b5b815c
- SHA512
  
  944e9baddaec4e129847e3f7d7faa4c2b28e2d5d4af54a40bed699017a8809636b865fb7765e4f4d69d27d5b9aa391886daa427d1421d7729fb3a61add2a3e96
- SSDEEP
  
  6144:/CzvmyNV6J32nj3cb0TOJxijBIm8OC3/Q0eghkCDJLv7PlPcu2oEy4WXjYb4LDZT:abmqW2njU5J0jelY9gqkN7XI4LhEe
Score

10^/10

isrstealer discovery stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerdiscoverystealertrojan

behavioral2

isrstealerdiscoverystealertrojan

© 2018-2024

Terms | Privacy