isrstealer | 61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d

Analysis

max time kernel
49s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 00:46

Target

61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
Size

358KB
MD5

2c7c9f734313cad1fd7515e0e39aaaad
SHA1

39a18302a714de9c081ca7843b9438cd2297f91d
SHA256

61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d
SHA512

3e146738a602d76584ac76413be2949128e6e84a04eed61102f0f9f419cb952ed47c73fb5c5238d7104ffd6461485db622062128850dda7fd70a05cd7a94486a
SSDEEP

6144:1Lon1m7VuwOCgOgmun3fEEVGCnt7jZFO6/OEb1d/Ck+X6Rp+6xq4hX3snt1e3:1LonI7VBOgunvtVPTAE1d/CPX6rB6tk

Score

10^/10

ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
trojan stealer isrstealer

ISR Stealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1660-60-0x0000000000080000-0x00000000000C2000-memory.dmp	family_isrstealer
behavioral1/memory/1660-63-0x0000000000401180-mapping.dmp	family_isrstealer
behavioral1/memory/1660-64-0x0000000000080000-0x00000000000C2000-memory.dmp	family_isrstealer

Suspicious use of SetThreadContext 1 IoCs

Processes:

61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe

description	pid	process	target process
PID 1428 set thread context of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe

description pid process

Token: SeDebugPrivilege 1428 61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe

description	pid	process
Token: SeDebugPrivilege	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe

description	pid	process	target process
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
PID 1428 wrote to memory of 1660	1428	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe	61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe

C:\Users\Admin\AppData\Local\Temp\61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe
"C:\Users\Admin\AppData\Local\Temp\61550623ca9dab65da52310e8acd573d15d21e416df11be57d10c0be0162ab8d.exe"
2⤵
PID:1660

memory/1428-54-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1428-55-0x0000000074C00000-0x00000000751AB000-memory.dmp

Filesize
5.7MB

Download
memory/1428-56-0x0000000074C00000-0x00000000751AB000-memory.dmp

Filesize
5.7MB

Download
memory/1428-66-0x0000000074C00000-0x00000000751AB000-memory.dmp

Filesize
5.7MB

Download
memory/1660-57-0x0000000000080000-0x00000000000C2000-memory.dmp

Filesize
264KB

Download
memory/1660-58-0x0000000000080000-0x00000000000C2000-memory.dmp

Filesize
264KB

Download
memory/1660-60-0x0000000000080000-0x00000000000C2000-memory.dmp

Filesize
264KB

Download
memory/1660-63-0x0000000000401180-mapping.dmp

Download
memory/1660-64-0x0000000000080000-0x00000000000C2000-memory.dmp

Filesize
264KB

Download