isrstealer | 3b72f46088f0554ee89a08507ff0695acad9c555d0f3a3858d969723cd592ac4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

a2c6eb6be8...18.exe

windows7-x64

a2c6eb6be8...18.exe

windows10-2004-x64

Sharing

General

Target

a2c6eb6be849b063bc45e9114f543888_JaffaCakes118
Size

277KB
Sample

241126-s65eeaxnaz
MD5

a2c6eb6be849b063bc45e9114f543888
SHA1

17ad7e00b27ff6605d6c9cc92e484de180fd0289
SHA256

3b72f46088f0554ee89a08507ff0695acad9c555d0f3a3858d969723cd592ac4
SHA512

4c77568c10d1774c5623eeb94e1c5141032c44c6629f3f91a77fe0e8c13a758be1d117f872de338fbf30bdce7cd9aa17b41f60482d3e04e1bf9d3e7253b593ee
SSDEEP

6144:eH0PQIW7BYcZ8jUbG5p60lM3OTS7SON/x9+jAWe6OlYmfm:eUP+F08GWiwjYmu

Score

10^/10

isrstealer discovery spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a2c6eb6be849b063bc45e9114f543888_JaffaCakes118.exe

Resource

win7-20241010-en

isrstealer discovery spyware stealer trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2c6eb6be849b063bc45e9114f543888_JaffaCakes118.exe

Resource

win10v2004-20241007-en

isrstealer discovery spyware stealer trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2c6eb6be849b063bc45e9114f543888_JaffaCakes118
- Size
  
  277KB
- MD5
  
  a2c6eb6be849b063bc45e9114f543888
- SHA1
  
  17ad7e00b27ff6605d6c9cc92e484de180fd0289
- SHA256
  
  3b72f46088f0554ee89a08507ff0695acad9c555d0f3a3858d969723cd592ac4
- SHA512
  
  4c77568c10d1774c5623eeb94e1c5141032c44c6629f3f91a77fe0e8c13a758be1d117f872de338fbf30bdce7cd9aa17b41f60482d3e04e1bf9d3e7253b593ee
- SSDEEP
  
  6144:eH0PQIW7BYcZ8jUbG5p60lM3OTS7SON/x9+jAWe6OlYmfm:eUP+F08GWiwjYmu
Score

10^/10

isrstealer discovery spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerdiscoveryspywarestealertrojanupx

behavioral2

isrstealerdiscoveryspywarestealertrojanupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.