isrstealer | 2adb40401a2e732139725aff2a4dc3e8b3ad8c08c197c1bb73313ee5a1539b9f | Triage

Submit
Reports

Overview

overview

Static

static

2adb40401a...9f.exe

windows7-x64

2adb40401a...9f.exe

windows10-2004-x64

Sharing

General

Target

2adb40401a2e732139725aff2a4dc3e8b3ad8c08c197c1bb73313ee5a1539b9f
Size

156KB
Sample

221020-k2he3segcn
MD5

8115772851e1fdcf57a48d4b8d4c12fe
SHA1

35da657f12a22c2bb8773ba0a4e3e8dff0af4e53
SHA256

2adb40401a2e732139725aff2a4dc3e8b3ad8c08c197c1bb73313ee5a1539b9f
SHA512

406d7268d5ddd7d9a964a4acd6fa8c39e15d3465b55192c3c768dafccfb2fb5dc689c5ccf73dd31acc44329c9c227b77e32c8eebb56ca7c4b7bc248e25e890db
SSDEEP

3072:M1wyHU/zhrXhGoFwrTgj7obINT3guCvp3BMs:MIzhrXhGoyrMPobUT3LCvp3BM

Score

10^/10

isrstealer bootkit persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2adb40401a2e732139725aff2a4dc3e8b3ad8c08c197c1bb73313ee5a1539b9f.exe

Resource

win7-20220812-en

isrstealer bootkit persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

2adb40401a2e732139725aff2a4dc3e8b3ad8c08c197c1bb73313ee5a1539b9f.exe

Resource

win10v2004-20220812-en

isrstealer bootkit persistence spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2adb40401a2e732139725aff2a4dc3e8b3ad8c08c197c1bb73313ee5a1539b9f
- Size
  
  156KB
- MD5
  
  8115772851e1fdcf57a48d4b8d4c12fe
- SHA1
  
  35da657f12a22c2bb8773ba0a4e3e8dff0af4e53
- SHA256
  
  2adb40401a2e732139725aff2a4dc3e8b3ad8c08c197c1bb73313ee5a1539b9f
- SHA512
  
  406d7268d5ddd7d9a964a4acd6fa8c39e15d3465b55192c3c768dafccfb2fb5dc689c5ccf73dd31acc44329c9c227b77e32c8eebb56ca7c4b7bc248e25e890db
- SSDEEP
  
  3072:M1wyHU/zhrXhGoFwrTgj7obINT3guCvp3BMs:MIzhrXhGoyrMPobUT3LCvp3BM
Score

10^/10

isrstealer bootkit persistence spyware stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerbootkitpersistencespywarestealertrojan

behavioral2

isrstealerbootkitpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy