isrstealer | 201d2ae7d7de9c5df15b1690808e85d6eb87dc695bfbbd4140b5e6186b8fb81e | Triage

Submit
Reports

Overview

overview

Static

static

201d2ae7d7...1e.exe

windows7-x64

201d2ae7d7...1e.exe

windows10-2004-x64

Sharing

General

Target

201d2ae7d7de9c5df15b1690808e85d6eb87dc695bfbbd4140b5e6186b8fb81e
Size

929KB
Sample

221011-khj5kaeefj
MD5

577da7e578bc7f6457c7d3b5addcd380
SHA1

5aae15674a8f3bf5c26e66e5ed974a96a946c723
SHA256

201d2ae7d7de9c5df15b1690808e85d6eb87dc695bfbbd4140b5e6186b8fb81e
SHA512

aecbab2bd16b9c78a9de3f5527a2be71a008db3cd8679b5d80f6a69e90b2c61c1d76817117c997909d4123ee6a2a579a8c52df20a8e4c6675649cb34208eece6
SSDEEP

24576:LNBI5aehOqLefJYBnOuu68GGUEtsh7N1Qq2j:U7hDLefJaOV68OX4j

Score

10^/10

isrstealer collection evasion persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

201d2ae7d7de9c5df15b1690808e85d6eb87dc695bfbbd4140b5e6186b8fb81e.exe

Resource

win7-20220812-en

isrstealer collection evasion persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

201d2ae7d7de9c5df15b1690808e85d6eb87dc695bfbbd4140b5e6186b8fb81e.exe

Resource

win10v2004-20220812-en

isrstealer collection evasion persistence stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  201d2ae7d7de9c5df15b1690808e85d6eb87dc695bfbbd4140b5e6186b8fb81e
- Size
  
  929KB
- MD5
  
  577da7e578bc7f6457c7d3b5addcd380
- SHA1
  
  5aae15674a8f3bf5c26e66e5ed974a96a946c723
- SHA256
  
  201d2ae7d7de9c5df15b1690808e85d6eb87dc695bfbbd4140b5e6186b8fb81e
- SHA512
  
  aecbab2bd16b9c78a9de3f5527a2be71a008db3cd8679b5d80f6a69e90b2c61c1d76817117c997909d4123ee6a2a579a8c52df20a8e4c6675649cb34208eece6
- SSDEEP
  
  24576:LNBI5aehOqLefJYBnOuu68GGUEtsh7N1Qq2j:U7hDLefJaOV68OX4j
Score

10^/10

isrstealer collection evasion persistence stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionevasionpersistencestealertrojanupx

behavioral2

isrstealercollectionevasionpersistencestealertrojanupx

© 2018-2025

Terms | Privacy