isrstealer | 07d49e3671e2d598147f9590069c67711964027bdc4e3dc556e641b5e873b7fc

General

Target

07d49e3671e2d598147f9590069c67711964027bdc4e3dc556e641b5e873b7fc
Size

701KB
Sample

221126-ydqy7sdb2y
MD5

0f290201bfb725e1ff1bb560f686f176
SHA1

7ddb6af5c8645db20ab10c416dbdeb179b98f1a9
SHA256

07d49e3671e2d598147f9590069c67711964027bdc4e3dc556e641b5e873b7fc
SHA512

18b7c83f52269fc265e3fa82344bbb938372351dea42cfd6573e72c8f43e194aa8058e1ca539a85257a36ec85407a38a25d5496004012fe804921769015267c3
SSDEEP

12288:0/LN583RI3HfUbaDopr0BynlBd/m4gsqH5hdKbUZbguITHFVPQs:0/LN5soHmaspWynlT/9gbhKbeUuS

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.yandex.com
Port:
587
Username:
[email protected]
Password:
austin316

Targets

- Target
  
  07d49e3671e2d598147f9590069c67711964027bdc4e3dc556e641b5e873b7fc
- Size
  
  701KB
- MD5
  
  0f290201bfb725e1ff1bb560f686f176
- SHA1
  
  7ddb6af5c8645db20ab10c416dbdeb179b98f1a9
- SHA256
  
  07d49e3671e2d598147f9590069c67711964027bdc4e3dc556e641b5e873b7fc
- SHA512
  
  18b7c83f52269fc265e3fa82344bbb938372351dea42cfd6573e72c8f43e194aa8058e1ca539a85257a36ec85407a38a25d5496004012fe804921769015267c3
- SSDEEP
  
  12288:0/LN583RI3HfUbaDopr0BynlBd/m4gsqH5hdKbUZbguITHFVPQs:0/LN5soHmaspWynlT/9gbhKbeUuS
Score

10^/10

isrstealer spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ISR Stealer

ISR Stealer payload

NirSoft WebBrowserPassView

Nirsoft

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2