isrstealer | 069983c1b91e3baae09ca41c3928a8defe2aa506cd59e6d63575e6eaa6d2dca3

General

Target

069983c1b91e3baae09ca41c3928a8defe2aa506cd59e6d63575e6eaa6d2dca3
Size

1.2MB
Sample

221124-nvq1esbe33
MD5

122385771337be68407411abbb90c8ad
SHA1

8fdaa9b64239281ce74b5028a59d43d0551549c1
SHA256

069983c1b91e3baae09ca41c3928a8defe2aa506cd59e6d63575e6eaa6d2dca3
SHA512

f8162ea96469fe4510172daa0d33c66e190f950d73d441895f1dcaf783866c385fba97509c5b4e0e81d77aea5aca5702dfbf42ef0bf85d75336e2036d2994c12
SSDEEP

24576:FIF6nnjqKoev8IgX9ERDoV4z+o25YV6HJfzag4D9vw9UpFTMZD6:FIojqKoevieRUeKYON4D9uULMZD6

Score

10^/10

Malware Config

Targets

- Target
  
  069983c1b91e3baae09ca41c3928a8defe2aa506cd59e6d63575e6eaa6d2dca3
- Size
  
  1.2MB
- MD5
  
  122385771337be68407411abbb90c8ad
- SHA1
  
  8fdaa9b64239281ce74b5028a59d43d0551549c1
- SHA256
  
  069983c1b91e3baae09ca41c3928a8defe2aa506cd59e6d63575e6eaa6d2dca3
- SHA512
  
  f8162ea96469fe4510172daa0d33c66e190f950d73d441895f1dcaf783866c385fba97509c5b4e0e81d77aea5aca5702dfbf42ef0bf85d75336e2036d2994c12
- SSDEEP
  
  24576:FIF6nnjqKoev8IgX9ERDoV4z+o25YV6HJfzag4D9vw9UpFTMZD6:FIojqKoevieRUeKYON4D9uULMZD6
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

NirSoft MailPassView

Nirsoft

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2