isrstealer | 3e0fe0b4ebcb8a1f803b47bed8129987630c7ed559cd21e288a2b2c4ee5d5c59

General

Target

3e0fe0b4ebcb8a1f803b47bed8129987630c7ed559cd21e288a2b2c4ee5d5c59
Size

285KB
Sample

221020-y7brdadde7
MD5

904668932587d7dc853bea92906980b3
SHA1

287ebd3a54f7f4a44588c3ac3e9da8758f621cb9
SHA256

3e0fe0b4ebcb8a1f803b47bed8129987630c7ed559cd21e288a2b2c4ee5d5c59
SHA512

5bc3a49d3018764922dd934c2a0045c13ab98bb197cc6075d07ddd819cc04dcf63bc7268f0cd58f022db87f7f5d662a398ca6e2120357ecf9db12cfcd8347a78
SSDEEP

6144:NpxIRFvpEihGQ70xENDb6VWSm3YFd/F5UB3COFslRx3EDlqx87QVv/vTf42340:nqRNwnENP6VW+FhvUBSvlR6Dle8M3rfl

Score

10^/10

Malware Config

Targets

- Target
  
  3e0fe0b4ebcb8a1f803b47bed8129987630c7ed559cd21e288a2b2c4ee5d5c59
- Size
  
  285KB
- MD5
  
  904668932587d7dc853bea92906980b3
- SHA1
  
  287ebd3a54f7f4a44588c3ac3e9da8758f621cb9
- SHA256
  
  3e0fe0b4ebcb8a1f803b47bed8129987630c7ed559cd21e288a2b2c4ee5d5c59
- SHA512
  
  5bc3a49d3018764922dd934c2a0045c13ab98bb197cc6075d07ddd819cc04dcf63bc7268f0cd58f022db87f7f5d662a398ca6e2120357ecf9db12cfcd8347a78
- SSDEEP
  
  6144:NpxIRFvpEihGQ70xENDb6VWSm3YFd/F5UB3COFslRx3EDlqx87QVv/vTf42340:nqRNwnENP6VW+FhvUBSvlR6Dle8M3rfl
Score

10^/10

isrstealer spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2