isrstealer | 7be45f5f89a98f22c8cd858540497c5da3dba7cbec0fc49b4ec6eff435ee317f | Triage

Submit
Reports

Overview

overview

Static

static

3

bb266dc5de...18.exe

windows7-x64

bb266dc5de...18.exe

windows10-2004-x64

Sharing

General

Target

bb266dc5dede36e0d96e4f55b76f016e_JaffaCakes118
Size

1.5MB
Sample

241203-b4g3nayrgp
MD5

bb266dc5dede36e0d96e4f55b76f016e
SHA1

4d17702da9f5548e4673081f84b13298c0949fc0
SHA256

7be45f5f89a98f22c8cd858540497c5da3dba7cbec0fc49b4ec6eff435ee317f
SHA512

f139ce61dfcbb51a7d3a947976d5e2600b2875faafd2c7fdcf6791db45546b46b34f9634bba406e1380343d288e707251921ea350d97079522662ac4a01bbf98
SSDEEP

24576:PKnGctxx3lwkjQ7h3l1PVXUi9VF0tb5xQbn1wcJCRcsawHLkH7XgRbeZ:PK3v3a77xVLjF8Fx2n1wpRcsjHLkrz

Score

10^/10

isrstealer collection discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb266dc5dede36e0d96e4f55b76f016e_JaffaCakes118.exe

Resource

win7-20240708-en

isrstealer collection discovery persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb266dc5dede36e0d96e4f55b76f016e_JaffaCakes118.exe

Resource

win10v2004-20241007-en

isrstealer collection discovery persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb266dc5dede36e0d96e4f55b76f016e_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  bb266dc5dede36e0d96e4f55b76f016e
- SHA1
  
  4d17702da9f5548e4673081f84b13298c0949fc0
- SHA256
  
  7be45f5f89a98f22c8cd858540497c5da3dba7cbec0fc49b4ec6eff435ee317f
- SHA512
  
  f139ce61dfcbb51a7d3a947976d5e2600b2875faafd2c7fdcf6791db45546b46b34f9634bba406e1380343d288e707251921ea350d97079522662ac4a01bbf98
- SSDEEP
  
  24576:PKnGctxx3lwkjQ7h3l1PVXUi9VF0tb5xQbn1wcJCRcsawHLkH7XgRbeZ:PK3v3a77xVLjF8Fx2n1wpRcsjHLkrz
Score

10^/10

isrstealer collection discovery persistence stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectiondiscoverypersistencestealertrojanupx

behavioral2

isrstealercollectiondiscoverypersistencestealertrojanupx

© 2018-2024

Terms | Privacy