isrstealer | ec889c7b55d7236ba0d5bde2c5d842d15752267d38597b2eb165cd04d3c0129c | Triage

Submit
Reports

Overview

overview

Static

static

ec889c7b55...9c.exe

windows7-x64

ec889c7b55...9c.exe

windows10-2004-x64

Sharing

General

Target

ec889c7b55d7236ba0d5bde2c5d842d15752267d38597b2eb165cd04d3c0129c
Size

648KB
Sample

221127-q48myaca74
MD5

894076096dbed940112524f6f4c5e03e
SHA1

708137b59727628d351d3b13f10c5630ec7127be
SHA256

ec889c7b55d7236ba0d5bde2c5d842d15752267d38597b2eb165cd04d3c0129c
SHA512

78520cf458378e6d646caa1ae2e1baaafeb3c4f2299c40c6575b64f5e76d0bb6daba34451ebf6e51fe93a8a2a43ae510200b8be46e1209cd87fa75cb6963ae2c
SSDEEP

12288:LW6hqMI1GJsvLBOyEtoWW6hqMI1GJsvLBOyEto1X:LW6hqMIcJgBvEtoWW6hqMIcJgBvEto1X

Score

10^/10

isrstealer collection spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ec889c7b55d7236ba0d5bde2c5d842d15752267d38597b2eb165cd04d3c0129c.exe

Resource

win7-20220812-en

isrstealer collection spyware stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ec889c7b55d7236ba0d5bde2c5d842d15752267d38597b2eb165cd04d3c0129c.exe

Resource

win10v2004-20220812-en

isrstealer collection spyware stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  ec889c7b55d7236ba0d5bde2c5d842d15752267d38597b2eb165cd04d3c0129c
- Size
  
  648KB
- MD5
  
  894076096dbed940112524f6f4c5e03e
- SHA1
  
  708137b59727628d351d3b13f10c5630ec7127be
- SHA256
  
  ec889c7b55d7236ba0d5bde2c5d842d15752267d38597b2eb165cd04d3c0129c
- SHA512
  
  78520cf458378e6d646caa1ae2e1baaafeb3c4f2299c40c6575b64f5e76d0bb6daba34451ebf6e51fe93a8a2a43ae510200b8be46e1209cd87fa75cb6963ae2c
- SSDEEP
  
  12288:LW6hqMI1GJsvLBOyEtoWW6hqMI1GJsvLBOyEto1X:LW6hqMIcJgBvEtoWW6hqMIcJgBvEto1X
Score

10^/10

isrstealer collection spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

isrstealercollectionspywarestealertrojanupx

behavioral2

isrstealercollectionspywarestealertrojanupx

© 2018-2024

Terms | Privacy