isrstealer | f00b288866cf27c4219022b29cc90522f05e4af18c9a842e6087c01a7c4e3bed

General

Target

7272a067ec56ecfc93f31af259bb1cd6_JaffaCakes118
Size

671KB
Sample

241024-fvbxhavfld
MD5

7272a067ec56ecfc93f31af259bb1cd6
SHA1

526e98c0d12875fd13e217a8c04b1c8ece14c334
SHA256

f00b288866cf27c4219022b29cc90522f05e4af18c9a842e6087c01a7c4e3bed
SHA512

7d9dcf47f6d45794262c6dfa01b71d2b8dfa4b7cf625e5a14d42936e072514dc25d5fd6e92e448dae7b9a08f8404d38e3e2c1101497da1b47a89a20369bce3cd
SSDEEP

12288:q/h70lWElp014hoE7mUQElmm/0LxFHysxziHZOWltpTCka:q/hGFlS1aoEhMLHHysoNTCka

Score

10^/10

Malware Config

Targets

- Target
  
  7272a067ec56ecfc93f31af259bb1cd6_JaffaCakes118
- Size
  
  671KB
- MD5
  
  7272a067ec56ecfc93f31af259bb1cd6
- SHA1
  
  526e98c0d12875fd13e217a8c04b1c8ece14c334
- SHA256
  
  f00b288866cf27c4219022b29cc90522f05e4af18c9a842e6087c01a7c4e3bed
- SHA512
  
  7d9dcf47f6d45794262c6dfa01b71d2b8dfa4b7cf625e5a14d42936e072514dc25d5fd6e92e448dae7b9a08f8404d38e3e2c1101497da1b47a89a20369bce3cd
- SSDEEP
  
  12288:q/h70lWElp014hoE7mUQElmm/0LxFHysxziHZOWltpTCka:q/hGFlS1aoEhMLHHysoNTCka
Score

10^/10

isrstealer collection discovery stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

Detected Nirsoft tools

NirSoft MailPassView

NirSoft WebBrowserPassView

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2