General

  • Target

    3b2b355c80a79da3a42109b327c95576_JaffaCakes118

  • Size

    17.3MB

  • Sample

    241012-vqa7qswckj

  • MD5

    3b2b355c80a79da3a42109b327c95576

  • SHA1

    0ec369f9459658346ff48941fd531ec94b41e18e

  • SHA256

    ba05970dbe169411a8b77b2b5fb3c8572acb7447051e4a034b59f1d87127f905

  • SHA512

    2ca16c93672706e06af68e089702a492d3a1f0c3c3bd1ce98271ccc3e7f34fd51d93b885bba103c8280a6b84ec74d68fe514e1107a0b508979f49fe88483c93a

  • SSDEEP

    12288:1KK8QCgFYvJDQHa+Pu1wdrtiJeeeeeveeeeee:v5GlQHTm1wqJeeeeeveeeeee

Targets

    • Target

      3b2b355c80a79da3a42109b327c95576_JaffaCakes118

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
