isrstealer | 7cb4234c1fe1bca713470e7d9525be010dce9c8fcb6b1aa768251314b8f49c57 | Triage

Submit
Reports

Overview

overview

Static

static

7cb4234c1f...57.exe

windows7-x64

7cb4234c1f...57.exe

windows10-2004-x64

Sharing

General

Target

7cb4234c1fe1bca713470e7d9525be010dce9c8fcb6b1aa768251314b8f49c57
Size

446KB
Sample

221119-lrlv7aad9y
MD5

d64d05f5c5b596dbcc33d1c3c29bba36
SHA1

f7224d9219f091fcb9f44e5f6d7a39f1703e56ac
SHA256

7cb4234c1fe1bca713470e7d9525be010dce9c8fcb6b1aa768251314b8f49c57
SHA512

f935140f11d9d39f60325210472c986a6c3b9eb789124fc6e07a8b394e09726677d7b6220999030bc11dae7d823d5e871c68d0eb0a3e50996514fc7caa943e1d
SSDEEP

6144:F0c0T3+690+0yN5qnv/h4kZuNbdbCCqvN7VHD89QfulHHHvv8:F0c0K6K3SigBbCxN7VHD8yfu

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

7cb4234c1fe1bca713470e7d9525be010dce9c8fcb6b1aa768251314b8f49c57.exe

Resource

win7-20221111-en

isrstealer collection stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

7cb4234c1fe1bca713470e7d9525be010dce9c8fcb6b1aa768251314b8f49c57.exe

Resource

win10v2004-20221111-en

isrstealer collection stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  7cb4234c1fe1bca713470e7d9525be010dce9c8fcb6b1aa768251314b8f49c57
- Size
  
  446KB
- MD5
  
  d64d05f5c5b596dbcc33d1c3c29bba36
- SHA1
  
  f7224d9219f091fcb9f44e5f6d7a39f1703e56ac
- SHA256
  
  7cb4234c1fe1bca713470e7d9525be010dce9c8fcb6b1aa768251314b8f49c57
- SHA512
  
  f935140f11d9d39f60325210472c986a6c3b9eb789124fc6e07a8b394e09726677d7b6220999030bc11dae7d823d5e871c68d0eb0a3e50996514fc7caa943e1d
- SSDEEP
  
  6144:F0c0T3+690+0yN5qnv/h4kZuNbdbCCqvN7VHD89QfulHHHvv8:F0c0K6K3SigBbCxN7VHD8yfu
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy