isrstealer | 7815ea5f8a696cf2984b02f058c699a3682f9f3aebeb27486e9428194685c3c6 | Triage

Submit
Reports

Overview

overview

Static

static

3

f61be28bb9...18.exe

windows7-x64

f61be28bb9...18.exe

windows10-2004-x64

Sharing

General

Target

f61be28bb9b68fecb9551495188f9434_JaffaCakes118
Size

487KB
Sample

241215-2wpqms1mcx
MD5

f61be28bb9b68fecb9551495188f9434
SHA1

391d3a38ab1b47605fd9b2e654ba9990e87aa940
SHA256

7815ea5f8a696cf2984b02f058c699a3682f9f3aebeb27486e9428194685c3c6
SHA512

e581ad123207f84eabf4c93f5bffe7e32c904c90c5f5cc0c3179959af604b9482441842e698b671a0fbbab02b99ef1674c9efef0631b3e0e720c5342c8d56b5e
SSDEEP

12288:mNdxlP1UwhjBt8dgOvtdothTheJLyTWOpHOHahuFXHGjZB:mNdxvz2SOboth0hyTXO6hwKL

Score

10^/10

isrstealer collection discovery spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f61be28bb9b68fecb9551495188f9434_JaffaCakes118.exe

Resource

win7-20241010-en

isrstealer collection discovery spyware stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

f61be28bb9b68fecb9551495188f9434_JaffaCakes118.exe

Resource

win10v2004-20241007-en

isrstealer collection discovery spyware stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  f61be28bb9b68fecb9551495188f9434_JaffaCakes118
- Size
  
  487KB
- MD5
  
  f61be28bb9b68fecb9551495188f9434
- SHA1
  
  391d3a38ab1b47605fd9b2e654ba9990e87aa940
- SHA256
  
  7815ea5f8a696cf2984b02f058c699a3682f9f3aebeb27486e9428194685c3c6
- SHA512
  
  e581ad123207f84eabf4c93f5bffe7e32c904c90c5f5cc0c3179959af604b9482441842e698b671a0fbbab02b99ef1674c9efef0631b3e0e720c5342c8d56b5e
- SSDEEP
  
  12288:mNdxlP1UwhjBt8dgOvtdothTheJLyTWOpHOHahuFXHGjZB:mNdxvz2SOboth0hyTXO6hwKL
Score

10^/10

isrstealer collection discovery spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectiondiscoveryspywarestealertrojanupx

behavioral2

isrstealercollectiondiscoveryspywarestealertrojanupx

© 2018-2025

Terms | Privacy