isrstealer | d65b080ac152dbe0abb7ab5f57396b36c7e0d3942fd4aea4820bf99ca1f034a1 | Triage

Submit
Reports

Overview

overview

Static

static

d65b080ac1...a1.rtf

windows7_x64

Sharing

General

Target

d65b080ac152dbe0abb7ab5f57396b36c7e0d3942fd4aea4820bf99ca1f034a1.rtf
Size

581KB
Sample

220402-mractsecd6
MD5

0bb01a7193df7c7167512759bd55c1f9
SHA1

2bc75da9f7cebfe08d01665c1b6db448267fd3fb
SHA256

d65b080ac152dbe0abb7ab5f57396b36c7e0d3942fd4aea4820bf99ca1f034a1
SHA512

abc2fca4bb516e4278daf4463034d314d43dfba455cbbd29fc3952962f57fa9bd77a2ab161b3a89e1ad9df6929498153ecbb9d48f11aaa4251fbac641061a76c

Score

10^/10

isrstealer collection spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d65b080ac152dbe0abb7ab5f57396b36c7e0d3942fd4aea4820bf99ca1f034a1.rtf

Resource

win7-20220311-en

isrstealer collection spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  d65b080ac152dbe0abb7ab5f57396b36c7e0d3942fd4aea4820bf99ca1f034a1.rtf
- Size
  
  581KB
- MD5
  
  0bb01a7193df7c7167512759bd55c1f9
- SHA1
  
  2bc75da9f7cebfe08d01665c1b6db448267fd3fb
- SHA256
  
  d65b080ac152dbe0abb7ab5f57396b36c7e0d3942fd4aea4820bf99ca1f034a1
- SHA512
  
  abc2fca4bb516e4278daf4463034d314d43dfba455cbbd29fc3952962f57fa9bd77a2ab161b3a89e1ad9df6929498153ecbb9d48f11aaa4251fbac641061a76c
Score

10^/10

isrstealer collection spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer Payload
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionspywarestealertrojanupx

© 2018-2025

Terms | Privacy