isrstealer | d60f48dae99039d7aa7e522c0b25217954345efb91ffca77cd5cb1bacd52df30

General

Target

JaffaCakes118_948d1a5feca77f43e96988e923182315
Size

404KB
Sample

250329-x32lka1vhz
MD5

948d1a5feca77f43e96988e923182315
SHA1

279484d086ac209217dec5572dfde14528dfceda
SHA256

d60f48dae99039d7aa7e522c0b25217954345efb91ffca77cd5cb1bacd52df30
SHA512

91819811553ddc79c40a3621dfff4eb447c35765ce6d490fb5c23140c851c9ffee8847bd859da3bd600d6e5cbcdd07e0df8e9d867db61b0dc2d30586e0eaf7ba
SSDEEP

6144:OdiQS0Nluv18K0UF4csKa7YTHKTXxNteM3dauJqxbvkP0GbSI/KN/7SNw:OdiQS0ruv1b0U6qmBNxguJq5vEOs

Score

10^/10

Malware Config

Targets

- Target
  
  JaffaCakes118_948d1a5feca77f43e96988e923182315
- Size
  
  404KB
- MD5
  
  948d1a5feca77f43e96988e923182315
- SHA1
  
  279484d086ac209217dec5572dfde14528dfceda
- SHA256
  
  d60f48dae99039d7aa7e522c0b25217954345efb91ffca77cd5cb1bacd52df30
- SHA512
  
  91819811553ddc79c40a3621dfff4eb447c35765ce6d490fb5c23140c851c9ffee8847bd859da3bd600d6e5cbcdd07e0df8e9d867db61b0dc2d30586e0eaf7ba
- SSDEEP
  
  6144:OdiQS0Nluv18K0UF4csKa7YTHKTXxNteM3dauJqxbvkP0GbSI/KN/7SNw:OdiQS0ruv1b0U6qmBNxguJq5vEOs
Score

10^/10

isrstealer collection discovery stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

Isrstealer family

Detected Nirsoft tools

NirSoft MailPassView

Uses the VBS compiler for execution

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2