General

  • Target

    d583a09455a589af608dd14605680028_JaffaCakes118

  • Size

    434KB

  • Sample

    241208-gd2l9szmer

  • MD5

    d583a09455a589af608dd14605680028

  • SHA1

    9fd30d87b3834939e61aae4f0db0384b43f37599

  • SHA256

    5067be80b05a552ddd9ca03d22b822855ffa56a7a28f0ba32d0ced57e9e12810

  • SHA512

    af50a18f4a611fb64244df723fe56e77e7f57704d362abf9acfd262f7db2337392e8fe0c2ffdcdaa925f9e1cb063b337dd02c2b7dbd2733eb8f15e641b2ea781

  • SSDEEP

    6144:WhS5A9ZBg61SOqFG4UWQLVjaZGF8zWMLl4oT37UGyi/WUX0zX+NDtff5uFXsUC3I:cS5AnBld4UWQLVOZGFDKL7LW+/ff5+Np

Malware Config

Targets

    • Target

      WinJect.exe

    • Size

      540KB

    • MD5

      6abce2783394bf829a97599d04a8def3

    • SHA1

      2a7864232650cf6528c903ec505e4fc1cc59517c

    • SHA256

      29ab5fe35a0f48c4683adf37e978abbfff23c0b2f8b416d58b18690ebf41a66a

    • SHA512

      8c07c4b105296747f6224f161b00250e5fa54c4f7b2ad33313b91f4116917064f4acc315f664688346d0272bc77953c338fe40d4ed6e0fd5e5ad507f12cdf7b4

    • SSDEEP

      6144:dHEUWvcNBG1R741QrIJvnjqHByUkz/urMkHug25ijoBFQi7f0u1WeJiXpH4raGpt:pFG1d4gIJLqcU9OgiioSOLKR4rFMgn

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Isrstealer family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar profile data.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Suspicious use of SetThreadContext

    • Target

      bo_synapse_hack_v1.dll

    • Size

      9KB

    • MD5

      2599262a64221fd55402a6f463907ccc

    • SHA1

      72c41eb7e7cac336d732ec79880b2506590b7ef3

    • SHA256

      38fd25d14f59567498e8806a86e375a25f4c47b71a123de1a6d918fb3d2922c3

    • SHA512

      4ce5917ceebe89a83c10739f4b92f443c1e499a4760213c232031c18b65b26794de2de7d8900e5dc2362b6c1b09891f2f3f359aa2724bce93265d3711f173733

    • SSDEEP

      192:vcf/X3xH4A2j2sOlhpFLSrk3X3PVR6WNbEPp:vIf54ETplSrsnPV

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks