isrstealer | 1c568e553bca8db87be421b3f41c84421266cc7f75c7efdd25c0102f35b68a84 | Triage

Submit
Reports

Overview

overview

Static

static

1c568e553b...84.exe

windows7-x64

1c568e553b...84.exe

windows10-2004-x64

Sharing

General

Target

1c568e553bca8db87be421b3f41c84421266cc7f75c7efdd25c0102f35b68a84
Size

388KB
Sample

221021-xq1hqsbfak
MD5

7319389085a33d1019201aec235a5550
SHA1

f554251589c25e095186b7280c235833fa108111
SHA256

1c568e553bca8db87be421b3f41c84421266cc7f75c7efdd25c0102f35b68a84
SHA512

862fc1776660114f67ff31db6f86653e68deed2b47cda22048a48493d122cbf7865a42288b80f607796453613cce8ddda410173afbefac694f79ae83a7091e97
SSDEEP

6144:2QuZspwEc5DzHYMPL3QtaTV5WxtXBD7KEynTM/ZZnIr:2QO4uQtiV54jfKEynQ/Z

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

1c568e553bca8db87be421b3f41c84421266cc7f75c7efdd25c0102f35b68a84.exe

Resource

win7-20220812-en

isrstealer collection stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

1c568e553bca8db87be421b3f41c84421266cc7f75c7efdd25c0102f35b68a84.exe

Resource

win10v2004-20220812-en

isrstealer collection stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c568e553bca8db87be421b3f41c84421266cc7f75c7efdd25c0102f35b68a84
- Size
  
  388KB
- MD5
  
  7319389085a33d1019201aec235a5550
- SHA1
  
  f554251589c25e095186b7280c235833fa108111
- SHA256
  
  1c568e553bca8db87be421b3f41c84421266cc7f75c7efdd25c0102f35b68a84
- SHA512
  
  862fc1776660114f67ff31db6f86653e68deed2b47cda22048a48493d122cbf7865a42288b80f607796453613cce8ddda410173afbefac694f79ae83a7091e97
- SSDEEP
  
  6144:2QuZspwEc5DzHYMPL3QtaTV5WxtXBD7KEynTM/ZZnIr:2QO4uQtiV54jfKEynQ/Z
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy