isrstealer | 6aed3d5f2b78f7c3c916947b94c884b421cdcb312c33e811c8f0fdf80b064fe6 | Triage

Submit
Reports

Overview

overview

Static

static

6aed3d5f2b...e6.exe

windows7-x64

6aed3d5f2b...e6.exe

windows10-2004-x64

Sharing

General

Target

6aed3d5f2b78f7c3c916947b94c884b421cdcb312c33e811c8f0fdf80b064fe6
Size

652KB
Sample

221014-jvmwjseebl
MD5

63bd07721d56106b4e55dbece8d271a0
SHA1

32289183df5eaca3dba4ec79a4f567f3fbcc84c4
SHA256

6aed3d5f2b78f7c3c916947b94c884b421cdcb312c33e811c8f0fdf80b064fe6
SHA512

9ec1e3c12af78ced8b35cd994cd475ababf2daaf2a6fbb5657f3b93b70fb3b9955a601a996d7c7fbfcbbed5d7e96a4edfd54e1fd7d9d47ae86d505a5c73834a0
SSDEEP

12288:Zpm7X01MNN39gsqnyUD9pHZx95hV2Fes9f7Ne9io6gKpGZ3:nJGtgsHwlefpeM3rk3

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

6aed3d5f2b78f7c3c916947b94c884b421cdcb312c33e811c8f0fdf80b064fe6.exe

Resource

win7-20220812-en

isrstealer collection stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

6aed3d5f2b78f7c3c916947b94c884b421cdcb312c33e811c8f0fdf80b064fe6.exe

Resource

win10v2004-20220901-en

isrstealer collection stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  6aed3d5f2b78f7c3c916947b94c884b421cdcb312c33e811c8f0fdf80b064fe6
- Size
  
  652KB
- MD5
  
  63bd07721d56106b4e55dbece8d271a0
- SHA1
  
  32289183df5eaca3dba4ec79a4f567f3fbcc84c4
- SHA256
  
  6aed3d5f2b78f7c3c916947b94c884b421cdcb312c33e811c8f0fdf80b064fe6
- SHA512
  
  9ec1e3c12af78ced8b35cd994cd475ababf2daaf2a6fbb5657f3b93b70fb3b9955a601a996d7c7fbfcbbed5d7e96a4edfd54e1fd7d9d47ae86d505a5c73834a0
- SSDEEP
  
  12288:Zpm7X01MNN39gsqnyUD9pHZx95hV2Fes9f7Ne9io6gKpGZ3:nJGtgsHwlefpeM3rk3
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy