General
-
Target
JaffaCakes118_8a135b2fb21cecaab74229045c9c4eac
-
Size
204KB
-
Sample
250327-1j6yqa1jt7
-
MD5
8a135b2fb21cecaab74229045c9c4eac
-
SHA1
ef2b2a0babd397f58fb947c6b7f5aa7fe86972c4
-
SHA256
8d65783d6457cb97672593911d4d764d4ef6874ae2674aa6480b4fa9c6d14168
-
SHA512
17521c191cbf945bc0be745f6295cbef82524d36f2ad469afc3e80ebd569aed7b7c6778993b0eeabf8e2047f723759427d786841f0734b37890751d28a1ba1c3
-
SSDEEP
3072:wbXAd2LVqogc7YiQ66iLZzjEdievZP+EQGNVH7/VhbIY25MFimj9wHSB2bCZI68n:mAov2aJ+iyP+sLIYWYQyB2WZI6x
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_8a135b2fb21cecaab74229045c9c4eac.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_8a135b2fb21cecaab74229045c9c4eac.exe
Resource
win10v2004-20250314-en
Malware Config
Targets
-
-
Target
JaffaCakes118_8a135b2fb21cecaab74229045c9c4eac
-
ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in Visual Basic.
-
ISR Stealer payload
-
Isrstealer family
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-