isrstealer | 3a91ebb3ba7b9ff34e7ae9196f1654785cbf96134950ae23b9432e4b47bf5279 | Triage

Submit
Reports

Overview

overview

Static

static

5

3a91ebb3ba...79.exe

windows7-x64

3a91ebb3ba...79.exe

windows10-2004-x64

Sharing

General

Target

3a91ebb3ba7b9ff34e7ae9196f1654785cbf96134950ae23b9432e4b47bf5279
Size

955KB
Sample

221028-2twq6safd6
MD5

0de19dc99ab1b79a28170a7da099b440
SHA1

6695d118f640e8be648055f4dbfd2e171a407b8f
SHA256

3a91ebb3ba7b9ff34e7ae9196f1654785cbf96134950ae23b9432e4b47bf5279
SHA512

c0a273437f6fc5889a8ea4da0dcee75a929d84042c41151a533f2ae5349fff921e3cf0dc4b4065bdfc6b07a7d5a584186ae81813628afbc0c48820318058a381
SSDEEP

24576:pRmJkcoQricOIQxiZY1iaYlgNeHIKqVqRE:mJZoQrbTFZY1iaYlgIHIbv

Score

10^/10

isrstealer collection spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a91ebb3ba7b9ff34e7ae9196f1654785cbf96134950ae23b9432e4b47bf5279.exe

Resource

win7-20220901-en

isrstealer collection spyware stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a91ebb3ba7b9ff34e7ae9196f1654785cbf96134950ae23b9432e4b47bf5279.exe

Resource

win10v2004-20220812-en

isrstealer spyware stealer trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a91ebb3ba7b9ff34e7ae9196f1654785cbf96134950ae23b9432e4b47bf5279
- Size
  
  955KB
- MD5
  
  0de19dc99ab1b79a28170a7da099b440
- SHA1
  
  6695d118f640e8be648055f4dbfd2e171a407b8f
- SHA256
  
  3a91ebb3ba7b9ff34e7ae9196f1654785cbf96134950ae23b9432e4b47bf5279
- SHA512
  
  c0a273437f6fc5889a8ea4da0dcee75a929d84042c41151a533f2ae5349fff921e3cf0dc4b4065bdfc6b07a7d5a584186ae81813628afbc0c48820318058a381
- SSDEEP
  
  24576:pRmJkcoQricOIQxiZY1iaYlgNeHIKqVqRE:mJZoQrbTFZY1iaYlgIHIbv
Score

10^/10

isrstealer collection spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionspywarestealertrojanupx

behavioral2

isrstealerspywarestealertrojanupx

© 2018-2025

Terms | Privacy