isrstealer | eada68bef32929f9ba47b3f8079bb32e9f9aab10761712d22d3a7fa84d5683f8 | Triage

Submit
Reports

Overview

overview

Static

static

3

f12f98156e...18.exe

windows7-x64

f12f98156e...18.exe

windows10-2004-x64

Sharing

General

Target

f12f98156e5d6f72cf3f017cd192896d_JaffaCakes118
Size

507KB
Sample

241214-3amjtsyqbl
MD5

f12f98156e5d6f72cf3f017cd192896d
SHA1

c6f7225ea26d1c17fc423ce563077bf82f504a21
SHA256

eada68bef32929f9ba47b3f8079bb32e9f9aab10761712d22d3a7fa84d5683f8
SHA512

3495a6b9c5d0529e04c5436ce601c3da80b0530eeb5131e507a0a302e6650b11a6ce41b3a3bbf80bd452b9d9fade83d9879b280c83dd065ec62df173a88d90ed
SSDEEP

12288:PXj4dg6HLm7ZejSvnvPp4LVaKDBPd9O+TozRo:f56HLmFMYnvSZd95ozy

Score

10^/10

isrstealer discovery stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f12f98156e5d6f72cf3f017cd192896d_JaffaCakes118.exe

Resource

win7-20240903-en

isrstealer discovery stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f12f98156e5d6f72cf3f017cd192896d_JaffaCakes118.exe

Resource

win10v2004-20241007-en

isrstealer discovery stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f12f98156e5d6f72cf3f017cd192896d_JaffaCakes118
- Size
  
  507KB
- MD5
  
  f12f98156e5d6f72cf3f017cd192896d
- SHA1
  
  c6f7225ea26d1c17fc423ce563077bf82f504a21
- SHA256
  
  eada68bef32929f9ba47b3f8079bb32e9f9aab10761712d22d3a7fa84d5683f8
- SHA512
  
  3495a6b9c5d0529e04c5436ce601c3da80b0530eeb5131e507a0a302e6650b11a6ce41b3a3bbf80bd452b9d9fade83d9879b280c83dd065ec62df173a88d90ed
- SSDEEP
  
  12288:PXj4dg6HLm7ZejSvnvPp4LVaKDBPd9O+TozRo:f56HLmFMYnvSZd95ozy
Score

10^/10

isrstealer discovery stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerdiscoverystealertrojan

behavioral2

isrstealerdiscoverystealertrojan

© 2018-2024

Terms | Privacy