isrstealer | 239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

239dcacbfd...f3.exe

windows7-x64

239dcacbfd...f3.exe

windows10-2004-x64

Sharing

General

Target

239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3
Size

351KB
Sample

221124-dxfmcsea43
MD5

f70ab20d0b560fd0e6d378105718491a
SHA1

c689a07f5b05a94edeee2832e63dd7e2f0f2024d
SHA256

239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3
SHA512

4cd2cc662f0529c1ee4c8021c5eb786b80e86be71358f340907aa0a8a05329a8cae42ee2f42e5138154f470e5d776c96a84035139fc1ab4fa2ae6f5842a475a5
SSDEEP

6144:oAAYDXa1DdFIHmGm7vx3Dp486h5LH3jnLd9crJ2E1aWWySm+5B5:7DXCDdFIHY93DG8WznB8J2iadB

Score

10^/10

isrstealer agilenet collection persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3.exe

Resource

win7-20221111-en

isrstealer agilenet collection persistence stealer trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3.exe

Resource

win10v2004-20221111-en

isrstealer agilenet collection persistence stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3
- Size
  
  351KB
- MD5
  
  f70ab20d0b560fd0e6d378105718491a
- SHA1
  
  c689a07f5b05a94edeee2832e63dd7e2f0f2024d
- SHA256
  
  239dcacbfdabe7bf250d1ab803789144b93601f8849f12d75dbf8716db407ef3
- SHA512
  
  4cd2cc662f0529c1ee4c8021c5eb786b80e86be71358f340907aa0a8a05329a8cae42ee2f42e5138154f470e5d776c96a84035139fc1ab4fa2ae6f5842a475a5
- SSDEEP
  
  6144:oAAYDXa1DdFIHmGm7vx3Dp486h5LH3jnLd9crJ2E1aWWySm+5B5:7DXCDdFIHY93DG8WznB8J2iadB
Score

10^/10

isrstealer agilenet collection persistence stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealeragilenetcollectionpersistencestealertrojanupx

behavioral2

isrstealeragilenetcollectionpersistencestealertrojanupx

© 2018-2025

Terms | Privacy