Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4
-
Size
408KB
-
Sample
250104-yd3m1awkdj
-
MD5
7b6e32355587a65ca9d434152ebd7ef4
-
SHA1
6ce649670be8e54ebaf3d018a030306e6bd8e070
-
SHA256
d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37
-
SHA512
d23ec6dd5aa6d7675eb0d4c4d567f3775fcfff9ccbbe6f71a1b76555d22ab06b66b69ed764cdd14e979d70d32bf212b9664682917bc27b54e0367a71f045157c
-
SSDEEP
6144:v7l/Mts0sXrneChRWcSUEC8ctAom2C+do4ON1ZA0bYQpBuLGlY+6iPHS/ei:hMSeChscpEBctA2Q11aPQ3/6/ei
Malware Config
Targets
-
-
Target
JaffaCakes118_7b6e32355587a65ca9d434152ebd7ef4
-
Size
408KB
-
MD5
7b6e32355587a65ca9d434152ebd7ef4
-
SHA1
6ce649670be8e54ebaf3d018a030306e6bd8e070
-
SHA256
d8f21b5f2faba217f98cd3e77340f21ae8e13f4598bae5095d578c320a0b9b37
-
SHA512
d23ec6dd5aa6d7675eb0d4c4d567f3775fcfff9ccbbe6f71a1b76555d22ab06b66b69ed764cdd14e979d70d32bf212b9664682917bc27b54e0367a71f045157c
-
SSDEEP
6144:v7l/Mts0sXrneChRWcSUEC8ctAom2C+do4ON1ZA0bYQpBuLGlY+6iPHS/ei:hMSeChscpEBctA2Q11aPQ3/6/ei
Score10/10-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
-
ISR Stealer payload
-
Isrstealer family
-
Detected Nirsoft tools
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2