isrstealer | 8f6548a916deec038c9bf6b802145c097afc8e5035848bbd8153eedd0795cbd2 | Triage

Submit
Reports

Overview

overview

Static

static

8f6548a916...d2.exe

windows7-x64

8f6548a916...d2.exe

windows10-2004-x64

Sharing

General

Target

8f6548a916deec038c9bf6b802145c097afc8e5035848bbd8153eedd0795cbd2
Size

631KB
Sample

221120-mwe4wadd7z
MD5

f6ec96e239dbf62d3676420474b1ca1f
SHA1

ca729d2a1805c7ba3a89d2e21a89834d3087ffd3
SHA256

8f6548a916deec038c9bf6b802145c097afc8e5035848bbd8153eedd0795cbd2
SHA512

e539810418b39b38817b9e1222d7c07c97ab18c190f604ab9ccbcbd00cfe2671a515d85724124a27d7e0bd3133447adb7a291e0c263935759dcae7516f790781
SSDEEP

12288:xF6Lhd7O0+kLU1WECMbSBkfwIeEHDf8zQ3PeKb0kT+Bt6qg9UfdQJpJZKv:xF6V5OzkXkGazesDf8Q/eQ0kQNQJpJsv

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

8f6548a916deec038c9bf6b802145c097afc8e5035848bbd8153eedd0795cbd2.exe

Resource

win7-20221111-en

isrstealer collection stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f6548a916deec038c9bf6b802145c097afc8e5035848bbd8153eedd0795cbd2.exe

Resource

win10v2004-20220812-en

isrstealer collection stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  8f6548a916deec038c9bf6b802145c097afc8e5035848bbd8153eedd0795cbd2
- Size
  
  631KB
- MD5
  
  f6ec96e239dbf62d3676420474b1ca1f
- SHA1
  
  ca729d2a1805c7ba3a89d2e21a89834d3087ffd3
- SHA256
  
  8f6548a916deec038c9bf6b802145c097afc8e5035848bbd8153eedd0795cbd2
- SHA512
  
  e539810418b39b38817b9e1222d7c07c97ab18c190f604ab9ccbcbd00cfe2671a515d85724124a27d7e0bd3133447adb7a291e0c263935759dcae7516f790781
- SSDEEP
  
  12288:xF6Lhd7O0+kLU1WECMbSBkfwIeEHDf8zQ3PeKb0kT+Bt6qg9UfdQJpJZKv:xF6V5OzkXkGazesDf8Q/eQ0kQNQJpJsv
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy