General

  • Target

    JaffaCakes118_de2da9fd0156ebb8a3f21d8051616ec0

  • Size

    252KB

  • Sample

    250210-wvabns1kbm

  • MD5

    de2da9fd0156ebb8a3f21d8051616ec0

  • SHA1

    6bf39732050cf58b98a9384c84739cb3aa984d3b

  • SHA256

    3a3998e83dc3a5e6811df57aa837db1bf29a91a21137a42eb2f800f4b97df004

  • SHA512

    4c43ec73205d1856350f4a2974a9e66413865c48e8cb95f143483e53abb4f629ce0539ffc782c2c7202a6ef76f67bdbc85b8ef8d4f039672d3bf0e44847d373d

  • SSDEEP

    3072:nJj8cFNq3qPHCh+C/3m0dQz+b+C/giZfT17Slbq8FQIDch7q53aY7AzplfZqPk5G:/FPH0+Cu0CG+6giv7a7DU+aY7ALCOv

Targets

    • ISR Stealer

      ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.

    • ISR Stealer payload

    • Isrstealer family

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
