isrstealer | 1278d28900aa2365dee77d6e421c76175c653b624e48521ace51c7b6af3c4173 | Triage

Submit
Reports

Overview

overview

Static

static

1278d28900...73.exe

windows7-x64

1278d28900...73.exe

windows10-2004-x64

Sharing

General

Target

1278d28900aa2365dee77d6e421c76175c653b624e48521ace51c7b6af3c4173
Size

653KB
Sample

221123-wgpjfaeg9y
MD5

88049ef487b421c89a7c57f7cd030747
SHA1

31e8a574df10db1650a47fb7f95f69dfa89ec72a
SHA256

1278d28900aa2365dee77d6e421c76175c653b624e48521ace51c7b6af3c4173
SHA512

45938d26e9b5778aee4b2e53d44daed85137ebacd536d333bc4c01e7651497ece758b2123df6db9998073ce59c55955ffe72acfb0f75aedb2b0f4b72c5ef5f87
SSDEEP

12288:V9qry/CuKAUokVqrT+jjJK2B8qCYm4xrlVHs82:+rKeVUT+jjJb8qCGZVHo

Score

10^/10

isrstealer sality backdoor collection evasion stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

1278d28900aa2365dee77d6e421c76175c653b624e48521ace51c7b6af3c4173.exe

Resource

win7-20220812-en

isrstealer sality backdoor collection evasion stealer trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

1278d28900aa2365dee77d6e421c76175c653b624e48521ace51c7b6af3c4173.exe

Resource

win10v2004-20221111-en

isrstealer sality backdoor collection evasion stealer trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Targets

- Target
  
  1278d28900aa2365dee77d6e421c76175c653b624e48521ace51c7b6af3c4173
- Size
  
  653KB
- MD5
  
  88049ef487b421c89a7c57f7cd030747
- SHA1
  
  31e8a574df10db1650a47fb7f95f69dfa89ec72a
- SHA256
  
  1278d28900aa2365dee77d6e421c76175c653b624e48521ace51c7b6af3c4173
- SHA512
  
  45938d26e9b5778aee4b2e53d44daed85137ebacd536d333bc4c01e7651497ece758b2123df6db9998073ce59c55955ffe72acfb0f75aedb2b0f4b72c5ef5f87
- SSDEEP
  
  12288:V9qry/CuKAUokVqrT+jjJK2B8qCYm4xrlVHs82:+rKeVUT+jjJb8qCGZVHo
Score

10^/10

isrstealer sality backdoor collection evasion stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Modifies firewall policy service
  evasion
- Sality
  Sality is backdoor written in C++, first discovered in 2003.
  backdoor sality
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealersalitybackdoorcollectionevasionstealertrojanupx

behavioral2

isrstealersalitybackdoorcollectionevasionstealertrojanupx

© 2018-2025

Terms | Privacy