isrstealer | c5f3b728dab3b946f80e363c354d5821d87e67d0d27e2b938bb395e64565ff88

General

Target

JaffaCakes118_651b487fd423ec8448f11d23f500ec10
Size

385KB
Sample

250102-ppntjssjcx
MD5

651b487fd423ec8448f11d23f500ec10
SHA1

da43197862d2a936b55f96901d12c87f0db983d8
SHA256

c5f3b728dab3b946f80e363c354d5821d87e67d0d27e2b938bb395e64565ff88
SHA512

bf3508bb2719968aa1b924a073f5e67ac901b26adf1e1b0f834260e3618066cad1aa5029769b539d579408aa80c6c81d07b55328868c778ff50a8ff73dfece1b
SSDEEP

6144:Oex5IamdAAdX+UkKK0r6vpjzWPu9XQRXKJYO3snCo9UJPHmViI:N5IaiAALKmWJWPyXkrksnCWyO

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_651b487fd423ec8448f11d23f500ec10
- Size
  
  385KB
- MD5
  
  651b487fd423ec8448f11d23f500ec10
- SHA1
  
  da43197862d2a936b55f96901d12c87f0db983d8
- SHA256
  
  c5f3b728dab3b946f80e363c354d5821d87e67d0d27e2b938bb395e64565ff88
- SHA512
  
  bf3508bb2719968aa1b924a073f5e67ac901b26adf1e1b0f834260e3618066cad1aa5029769b539d579408aa80c6c81d07b55328868c778ff50a8ff73dfece1b
- SSDEEP
  
  6144:Oex5IamdAAdX+UkKK0r6vpjzWPu9XQRXKJYO3snCo9UJPHmViI:N5IaiAALKmWJWPyXkrksnCWyO
Score

10^/10

isrstealer collection discovery stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

Isrstealer family

Detected Nirsoft tools

NirSoft MailPassView

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2