isrstealer | 8133ac485b0b77131493591ad4636a2c2414f5bcfe6d917bcd344ae1ac70c17a | Triage

Submit
Reports

Overview

overview

Static

static

8133ac485b...7a.exe

windows7-x64

8133ac485b...7a.exe

windows10-2004-x64

Sharing

General

Target

8133ac485b0b77131493591ad4636a2c2414f5bcfe6d917bcd344ae1ac70c17a
Size

931KB
Sample

221021-ytbjfsdegj
MD5

ef37b75fb8488cd171bf04013a2b6f36
SHA1

2bd5c303bb4c30407a3d37f8dee86f6089c0e4b3
SHA256

8133ac485b0b77131493591ad4636a2c2414f5bcfe6d917bcd344ae1ac70c17a
SHA512

a777ffb11c7197df1036943c4907ac9ad768e01589d274a657ab185c898e2238b5153721c10aac68a6309405c0ceab0d278e78051a2766c66636b938e2500c31
SSDEEP

12288:oRWNcr8oxnU1ztrABdy5oQc82UYoi6Cuw78YOJEn1GUEVQqYHQFOH9LPsv5mrNmu:LNBIUDMs+YYowu68GGUEtsh7N18Cf

Score

10^/10

isrstealer collection evasion persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8133ac485b0b77131493591ad4636a2c2414f5bcfe6d917bcd344ae1ac70c17a.exe

Resource

win7-20220812-en

isrstealer collection evasion persistence stealer trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

8133ac485b0b77131493591ad4636a2c2414f5bcfe6d917bcd344ae1ac70c17a.exe

Resource

win10v2004-20220901-en

isrstealer collection evasion persistence stealer trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  8133ac485b0b77131493591ad4636a2c2414f5bcfe6d917bcd344ae1ac70c17a
- Size
  
  931KB
- MD5
  
  ef37b75fb8488cd171bf04013a2b6f36
- SHA1
  
  2bd5c303bb4c30407a3d37f8dee86f6089c0e4b3
- SHA256
  
  8133ac485b0b77131493591ad4636a2c2414f5bcfe6d917bcd344ae1ac70c17a
- SHA512
  
  a777ffb11c7197df1036943c4907ac9ad768e01589d274a657ab185c898e2238b5153721c10aac68a6309405c0ceab0d278e78051a2766c66636b938e2500c31
- SSDEEP
  
  12288:oRWNcr8oxnU1ztrABdy5oQc82UYoi6Cuw78YOJEn1GUEVQqYHQFOH9LPsv5mrNmu:LNBIUDMs+YYowu68GGUEtsh7N18Cf
Score

10^/10

isrstealer collection evasion persistence stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Modifies visiblity of hidden/system files in Explorer
  evasion
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionevasionpersistencestealertrojanupx

behavioral2

isrstealercollectionevasionpersistencestealertrojanupx

© 2018-2025

Terms | Privacy