isrstealer | f2acdba3b1e8794ceb3923de7ca8d192f68894e49b37f84fa6723aeb97366d88 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...a0.exe

windows7-x64

JaffaCakes...a0.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_6a578b50b62fa21da49e9368b1de3fa0
Size

657KB
Sample

250103-fhhvaasrcl
MD5

6a578b50b62fa21da49e9368b1de3fa0
SHA1

dbbf4a09afb8fd6effe5791b4fd1774f31135768
SHA256

f2acdba3b1e8794ceb3923de7ca8d192f68894e49b37f84fa6723aeb97366d88
SHA512

7cd8a9ef4f346be5d7564863299c43ba1e5abf74ac0547c8e94b98d7ea2ee9996e32c62db3acd1e3d800599089484ea2b65efa547d4c31b0fb26eb0ef8aba803
SSDEEP

12288:d4huhKnDCVjOBi4LGqk2YugOpgxA2jkswofn1aKHjl:dguoDoOInL2Vgogh/ww1

Score

10^/10

isrstealer collection discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6a578b50b62fa21da49e9368b1de3fa0.exe

Resource

win7-20241023-en

isrstealer collection discovery persistence stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6a578b50b62fa21da49e9368b1de3fa0.exe

Resource

win10v2004-20241007-en

isrstealer collection discovery persistence stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_6a578b50b62fa21da49e9368b1de3fa0
- Size
  
  657KB
- MD5
  
  6a578b50b62fa21da49e9368b1de3fa0
- SHA1
  
  dbbf4a09afb8fd6effe5791b4fd1774f31135768
- SHA256
  
  f2acdba3b1e8794ceb3923de7ca8d192f68894e49b37f84fa6723aeb97366d88
- SHA512
  
  7cd8a9ef4f346be5d7564863299c43ba1e5abf74ac0547c8e94b98d7ea2ee9996e32c62db3acd1e3d800599089484ea2b65efa547d4c31b0fb26eb0ef8aba803
- SSDEEP
  
  12288:d4huhKnDCVjOBi4LGqk2YugOpgxA2jkswofn1aKHjl:dguoDoOInL2Vgogh/ww1
Score

10^/10

isrstealer collection discovery persistence stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectiondiscoverypersistencestealertrojanupx

behavioral2

isrstealercollectiondiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy