General

Target: JaffaCakes118_79dd0667f51035f1b8322d10acf1688b
Size: 489KB
Sample: 250316-mc49naysgw
MD5: 79dd0667f51035f1b8322d10acf1688b
SHA1: fe21c49313ad7dacdca94211eb635540551b4f28
SHA256: fb30f6f2adef10ea9f6806afb731977b7d6c67dfddd891eab99a0a8ad3048751
SHA512: 921eefd772ef2d1d3553db57174cf66cbcc6bbe9f745cd68fea6e0a9683ffd860e0460a3e6037dbe4848051161631d35dea1a6ea88ce0fb195fa5e26d140a23e
SSDEEP: 12288:OVW0BLp7vXRxcBAlhQaVYZiEk2NZjEpPceXQK:OVJLp7vXRqBAlhQxYLIqqK
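Before acting on this report, confirm that the file in hand is the one it describes. The following Python is an added example, not tooling from tria.ge: it streams a file through all four digests in one pass and only accepts a match when every digest agrees, since MD5 and SHA1 on their own are collision-prone identifiers. The digests are copied from the General section above; the empty-input vectors used when exercising it are constructed test values, not derived from the sample.

```python
# Added example (not part of the tria.ge report): check that a local file is
# the sample this report describes before relying on the page's findings.
import hashlib
import sys

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "79dd0667f51035f1b8322d10acf1688b",
    "sha1": "fe21c49313ad7dacdca94211eb635540551b4f28",
    "sha256": "fb30f6f2adef10ea9f6806afb731977b7d6c67dfddd891eab99a0a8ad3048751",
    "sha512": "921eefd772ef2d1d3553db57174cf66cbcc6bbe9f745cd68fea6e0a9683ffd860e0460a3e6037dbe4848051161631d35dea1a6ea88ce0fb195fa5e26d140a23e",
}


def digest_bytes(data: bytes, algorithms=tuple(REPORT_HASHES)) -> dict:
    """Compute the requested digests of an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def digest_file(path: str, algorithms=tuple(REPORT_HASHES), chunk_size=1 << 20) -> dict:
    """Stream a file through all hashers at once: one read pass, any file size."""
    hashers = {alg: hashlib.new(alg) for alg in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_digests(actual: dict, expected: dict) -> dict:
    """Per-algorithm verdict; an algorithm missing from `actual` counts as a mismatch."""
    return {alg: actual.get(alg, "").lower() == digest.lower()
            for alg, digest in expected.items()}


def is_reported_sample(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest in `expected` matches.

    A lone MD5 or SHA1 hit is deliberately not enough: both are
    collision-prone, so the SHA256/SHA512 values must agree as well.
    """
    actual = digest_bytes(data, tuple(expected))
    return all(compare_digests(actual, expected).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <file> [<file> ...]
    for path in sys.argv[1:]:
        verdict = compare_digests(digest_file(path), REPORT_HASHES)
        status = "MATCH" if all(verdict.values()) else "MISMATCH"
        detail = " ".join(f"{alg}={'ok' if ok else 'BAD'}" for alg, ok in verdict.items())
        print(f"{status}  {path}  {detail}")
```

If any single digest disagrees, treat the file as a different artifact and look it up by its own SHA256 rather than assuming the behavior recorded here applies.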
Static task: static1

Behavioral task: behavioral1
Sample: JaffaCakes118_79dd0667f51035f1b8322d10acf1688b.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: JaffaCakes118_79dd0667f51035f1b8322d10acf1688b.exe
Resource: win10v2004-20250314-en
Malware Config
Targets

Target: JaffaCakes118_79dd0667f51035f1b8322d10acf1688b
Size: 489KB
MD5: 79dd0667f51035f1b8322d10acf1688b
SHA1: fe21c49313ad7dacdca94211eb635540551b4f28
SHA256: fb30f6f2adef10ea9f6806afb731977b7d6c67dfddd891eab99a0a8ad3048751
SHA512: 921eefd772ef2d1d3553db57174cf66cbcc6bbe9f745cd68fea6e0a9683ffd860e0460a3e6037dbe4848051161631d35dea1a6ea88ce0fb195fa5e26d140a23e
SSDEEP: 12288:OVW0BLp7vXRxcBAlhQaVYZiEk2NZjEpPceXQK:OVJLp7vXRqBAlhQxYLIqqK
- ISR Stealer: a modified version of Hackhound Stealer written in Visual Basic.
- ISR Stealer payload
- Isrstealer family
- Detected NirSoft tools: free utilities often used by attackers, which can recover passwords, product keys, etc.
- NirSoft MailPassView: password recovery tool for various email clients
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
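Several of the signatures above map directly onto host telemetry, so they can be hunted outside the sandbox. The Python below is an added example, not tria.ge's own signature logic: it walks an ordered list of Sysmon-style events and re-derives "Executes dropped EXE", "Loads dropped DLL", "Adds Run key to start application", "Drops desktop.ini file(s)" and "Uses the VBS compiler for execution". Every event record in it is constructed for illustration, not taken from this sample's trace, and the mapping of "Uses the VBS compiler" to a vbc.exe process launch is an assumption.

```python
# Added example, not part of the tria.ge report: re-derive several of the
# behavioral signatures listed above from Sysmon-style telemetry so the same
# behaviors can be hunted on a host or in a SIEM. All events below are
# constructed records for illustration, not this sample's actual trace.
import re

# Persistence location behind "Adds Run key to start application" (HKCU or HKLM).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def detect(events):
    """Return the set of signature names satisfied by an ordered event list.

    Understood fields (a subset of the Sysmon schema):
      EventID 1   ProcessCreate     Image
      EventID 7   ImageLoad         ImageLoaded
      EventID 11  FileCreate        TargetFilename
      EventID 13  RegistryValueSet  TargetObject
    Order matters: a file only counts as "dropped" if its FileCreate precedes
    the process creation or image load that uses it.
    """
    hits = set()
    dropped = set()  # lowercase paths written earlier in the trace
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            path = ev["TargetFilename"].lower()
            dropped.add(path)
            if path.endswith("\\desktop.ini"):
                hits.add("Drops desktop.ini file(s)")
        elif eid == 1:
            image = ev["Image"].lower()
            if image.endswith(".exe") and image in dropped:
                hits.add("Executes dropped EXE")
            # Assumption: the report's "Uses the VBS compiler for execution"
            # corresponds to launching vbc.exe, a common hollowing host.
            if image.endswith("\\vbc.exe"):
                hits.add("Uses the VBS compiler for execution")
        elif eid == 7:
            lib = ev["ImageLoaded"].lower()
            if lib.endswith(".dll") and lib in dropped:
                hits.add("Loads dropped DLL")
        elif eid == 13:
            if RUN_KEY_RE.search(ev["TargetObject"]):
                hits.add("Adds Run key to start application")
    return hits


# Constructed paths for the illustrative trace (not from the sample).
SAMPLE = r"C:\Users\Admin\Desktop\JaffaCakes118_79dd0667f51035f1b8322d10acf1688b.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Local\Temp\svchost32.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Local\Temp\helper.dll"

# Constructed trace: the sample drops a second executable and a DLL, the
# dropped executable runs, persists via an HKCU Run value, loads the dropped
# DLL, spawns vbc.exe and writes a desktop.ini.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"EventID": 1, "Image": DROPPED_EXE},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdate"},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 1, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"EventID": 11, "Image": DROPPED_EXE, "TargetFilename": r"C:\Users\Admin\AppData\Roaming\desktop.ini"},
]

# Same executable, wrong order: it runs before any FileCreate for it is seen,
# so it must not be reported as a dropped EXE.
OUT_OF_ORDER = [
    {"EventID": 1, "Image": DROPPED_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
]

if __name__ == "__main__":
    for name in sorted(detect(SAMPLE_EVENTS)):
        print(name)
```

Two of the listed signatures deliberately have no rule here: "Checks computer location settings" is a registry read, and Sysmon only records registry writes, while "Suspicious use of SetThreadContext" is an API call that Sysmon does not log at all (it sees CreateRemoteThread and ProcessAccess, not thread-context changes). Both need API-level tracing from a sandbox or an EDR sensor rather than event-log hunting.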