isrstealer | 36c7dc9449d04743848bc5c43f3418d6d035a17ac382e80299826291d454b083 | Triage

Submit
Reports

Overview

overview

Static

static

36c7dc9449...83.exe

windows7-x64

36c7dc9449...83.exe

windows10-2004-x64

Sharing

General

Target

36c7dc9449d04743848bc5c43f3418d6d035a17ac382e80299826291d454b083
Size

260KB
Sample

221002-2zsayaedh2
MD5

63ed45e84f001fda39530acee1f1d3ab
SHA1

4e567048c90188840aa6caf76c0cd08f2e347df9
SHA256

36c7dc9449d04743848bc5c43f3418d6d035a17ac382e80299826291d454b083
SHA512

dbc51a704410f93192fb48712e1df1b2ab6d97ea1419fd9377d0f3a8fa92cefd2a0ebf83570a0c3f7e1ece6ba06d1741e4dad13281025e1c58ef2c9986ebfdd3
SSDEEP

6144:4Yb//1PxwvdIKCC0ef//uXltKc+LVsz9b8R4jvLXou:YvdFeCXuLKcCVsz6SDLXo

Score

10^/10

isrstealer collection spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

36c7dc9449d04743848bc5c43f3418d6d035a17ac382e80299826291d454b083.exe

Resource

win7-20220812-en

isrstealer collection spyware stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

36c7dc9449d04743848bc5c43f3418d6d035a17ac382e80299826291d454b083.exe

Resource

win10v2004-20220812-en

isrstealer collection spyware stealer trojan upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  36c7dc9449d04743848bc5c43f3418d6d035a17ac382e80299826291d454b083
- Size
  
  260KB
- MD5
  
  63ed45e84f001fda39530acee1f1d3ab
- SHA1
  
  4e567048c90188840aa6caf76c0cd08f2e347df9
- SHA256
  
  36c7dc9449d04743848bc5c43f3418d6d035a17ac382e80299826291d454b083
- SHA512
  
  dbc51a704410f93192fb48712e1df1b2ab6d97ea1419fd9377d0f3a8fa92cefd2a0ebf83570a0c3f7e1ece6ba06d1741e4dad13281025e1c58ef2c9986ebfdd3
- SSDEEP
  
  6144:4Yb//1PxwvdIKCC0ef//uXltKc+LVsz9b8R4jvLXou:YvdFeCXuLKcCVsz6SDLXo
Score

10^/10

isrstealer collection spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

isrstealercollectionspywarestealertrojanupx

behavioral2

isrstealercollectionspywarestealertrojanupx

© 2018-2024

Terms | Privacy