isrstealer | 05300d824d2039909a2b3bd54f570ef61df36f81d75ab421b2b723f5dd3915e0 | Triage

Submit
Reports

Overview

overview

Static

static

05300d824d...e0.exe

windows7-x64

05300d824d...e0.exe

windows10-2004-x64

Sharing

General

Target

05300d824d2039909a2b3bd54f570ef61df36f81d75ab421b2b723f5dd3915e0
Size

311KB
Sample

221126-aspspacf9x
MD5

903e424e8012d31fd6bfde2b6715a620
SHA1

ebd025a6d84e561ba262f8ce987cf16819785f7b
SHA256

05300d824d2039909a2b3bd54f570ef61df36f81d75ab421b2b723f5dd3915e0
SHA512

bbd3406886b8685ebcba82aa0f571d21e8a359986a149e27979bee60aed7f9252dd7360d5db58ee899b3215fdb5c3e737f265a5582d8683bdf245dd188d76e45
SSDEEP

6144:nlGAxVnth2DTlanWgvj9TyaXnckaREqjf:MYVnT/WSpyacFCSf

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

05300d824d2039909a2b3bd54f570ef61df36f81d75ab421b2b723f5dd3915e0.exe

Resource

win7-20220901-en

isrstealer collection stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

05300d824d2039909a2b3bd54f570ef61df36f81d75ab421b2b723f5dd3915e0.exe

Resource

win10v2004-20221111-en

isrstealer stealer trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  05300d824d2039909a2b3bd54f570ef61df36f81d75ab421b2b723f5dd3915e0
- Size
  
  311KB
- MD5
  
  903e424e8012d31fd6bfde2b6715a620
- SHA1
  
  ebd025a6d84e561ba262f8ce987cf16819785f7b
- SHA256
  
  05300d824d2039909a2b3bd54f570ef61df36f81d75ab421b2b723f5dd3915e0
- SHA512
  
  bbd3406886b8685ebcba82aa0f571d21e8a359986a149e27979bee60aed7f9252dd7360d5db58ee899b3215fdb5c3e737f265a5582d8683bdf245dd188d76e45
- SSDEEP
  
  6144:nlGAxVnth2DTlanWgvj9TyaXnckaREqjf:MYVnT/WSpyacFCSf
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealerstealertrojanupx

© 2018-2024

Terms | Privacy