isrstealer | 94a0098933047c318a0b508e09edc22794f126adcd7946b00dd874cd50405b8e | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...d3.exe

windows7-x64

JaffaCakes...d3.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_a46ac4796ed318b7db93be19b00cc9d3
Size

312KB
Sample

250205-2gn6kawqdl
MD5

a46ac4796ed318b7db93be19b00cc9d3
SHA1

7e46db664707ad03fcd8edfcfde2351c11335a91
SHA256

94a0098933047c318a0b508e09edc22794f126adcd7946b00dd874cd50405b8e
SHA512

51cf7c3921a96942fb212753dff5c21adc866fb357f9395af6e32ef0b61ba1f459e858494c9c2643917945e89e5b0018c16a4a42b0d5b09fd0837b48272d4f75
SSDEEP

6144:aP2ZAmxWjfP5YVtt85LRDPt7p9WmKzlja5Cl8bIBlq7wi:aPpb5A8BpV99WBw5CKbIIwi

Score

10^/10

isrstealer collection discovery spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_a46ac4796ed318b7db93be19b00cc9d3.exe

Resource

win7-20240729-en

isrstealer collection discovery spyware stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_a46ac4796ed318b7db93be19b00cc9d3.exe

Resource

win10v2004-20250129-en

isrstealer collection discovery spyware stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_a46ac4796ed318b7db93be19b00cc9d3
- Size
  
  312KB
- MD5
  
  a46ac4796ed318b7db93be19b00cc9d3
- SHA1
  
  7e46db664707ad03fcd8edfcfde2351c11335a91
- SHA256
  
  94a0098933047c318a0b508e09edc22794f126adcd7946b00dd874cd50405b8e
- SHA512
  
  51cf7c3921a96942fb212753dff5c21adc866fb357f9395af6e32ef0b61ba1f459e858494c9c2643917945e89e5b0018c16a4a42b0d5b09fd0837b48272d4f75
- SSDEEP
  
  6144:aP2ZAmxWjfP5YVtt85LRDPt7p9WmKzlja5Cl8bIBlq7wi:aPpb5A8BpV99WBw5CKbIIwi
Score

10^/10

isrstealer collection discovery spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectiondiscoveryspywarestealertrojanupx

behavioral2

isrstealercollectiondiscoveryspywarestealertrojanupx

© 2018-2025

Terms | Privacy