General
-
Target
JaffaCakes118_7a66563172ad5bc98de4a9d9a8d80080
-
Size
540KB
-
Sample
250104-sp4rjsvldw
-
MD5
7a66563172ad5bc98de4a9d9a8d80080
-
SHA1
0574d74511f4bca882d93c27d80f1e9a1f4f0f4b
-
SHA256
3f782deb0bb75af920032b4af83463ccba0e7b45e45895873a0b9b4398df67ee
-
SHA512
6de416d142c5368a4bfdcc02d78188f44840681ced8ea29a2c868b3bf8ca24a6eedbc91efce03548a68c6bcc6f09246b8030300fb20bd120c0bf24cfcf7e51e1
-
SSDEEP
12288:Ghxc3TIlqGJs1jpqttRiOsopj8X8TsWELBpGkjrkgbPp2UJSVEtoPC:ucoCyb6aIMTsWAfGONUkgEWP
Malware Config
Targets
-
-
Target
JaffaCakes118_7a66563172ad5bc98de4a9d9a8d80080
-
Size
540KB
-
MD5
7a66563172ad5bc98de4a9d9a8d80080
-
SHA1
0574d74511f4bca882d93c27d80f1e9a1f4f0f4b
-
SHA256
3f782deb0bb75af920032b4af83463ccba0e7b45e45895873a0b9b4398df67ee
-
SHA512
6de416d142c5368a4bfdcc02d78188f44840681ced8ea29a2c868b3bf8ca24a6eedbc91efce03548a68c6bcc6f09246b8030300fb20bd120c0bf24cfcf7e51e1
-
SSDEEP
12288:Ghxc3TIlqGJs1jpqttRiOsopj8X8TsWELBpGkjrkgbPp2UJSVEtoPC:ucoCyb6aIMTsWAfGONUkgEWP
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Isrstealer family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2