isrstealer | 1dad7cebdc748546b37479bb73b8f1e14d80ec924872a70f38600e9de96c709a | Triage

Submit
Reports

Overview

overview

Static

static

1dad7cebdc...9a.exe

windows7-x64

1dad7cebdc...9a.exe

windows10-2004-x64

Sharing

General

Target

1dad7cebdc748546b37479bb73b8f1e14d80ec924872a70f38600e9de96c709a
Size

927KB
Sample

221021-x2arfsbhc4
MD5

1962ce13ac71c84d534ad8b86ca46f00
SHA1

3b82231a7c0f05cdbb752fdb3f129312c59f22f4
SHA256

1dad7cebdc748546b37479bb73b8f1e14d80ec924872a70f38600e9de96c709a
SHA512

c35d7a7f18831df895f16ef39ced6d3cf3e9c1d2794b87ace23a126aa19529e3d63f1b552ecf54abfff134b30bdd28698860edb7f373435442c32052a0075c32
SSDEEP

24576:1t24y3ALMhl5B2AqdJ2Ou68GGUEtsh7N1v:hw3TqdJy68OXv

Score

10^/10

isrstealer collection evasion persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

1dad7cebdc748546b37479bb73b8f1e14d80ec924872a70f38600e9de96c709a.exe

Resource

win7-20220812-en

isrstealer collection evasion persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

1dad7cebdc748546b37479bb73b8f1e14d80ec924872a70f38600e9de96c709a.exe

Resource

win10v2004-20220901-en

isrstealer collection evasion persistence stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  1dad7cebdc748546b37479bb73b8f1e14d80ec924872a70f38600e9de96c709a
- Size
  
  927KB
- MD5
  
  1962ce13ac71c84d534ad8b86ca46f00
- SHA1
  
  3b82231a7c0f05cdbb752fdb3f129312c59f22f4
- SHA256
  
  1dad7cebdc748546b37479bb73b8f1e14d80ec924872a70f38600e9de96c709a
- SHA512
  
  c35d7a7f18831df895f16ef39ced6d3cf3e9c1d2794b87ace23a126aa19529e3d63f1b552ecf54abfff134b30bdd28698860edb7f373435442c32052a0075c32
- SSDEEP
  
  24576:1t24y3ALMhl5B2AqdJ2Ou68GGUEtsh7N1v:hw3TqdJy68OXv
Score

10^/10

isrstealer collection evasion persistence stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionevasionpersistencestealertrojanupx

behavioral2

isrstealercollectionevasionpersistencestealertrojanupx

© 2018-2025

Terms | Privacy