isrstealer | 51a979eedcdc9805fe0f11f557b28baeb9950cb1a2afca366a0b37e2a7842b6e | Triage

Submit
Reports

Overview

overview

Static

static

51a979eedc...6e.exe

windows7-x64

51a979eedc...6e.exe

windows10-2004-x64

Sharing

General

Target

51a979eedcdc9805fe0f11f557b28baeb9950cb1a2afca366a0b37e2a7842b6e
Size

346KB
Sample

221127-thzppaad53
MD5

88e068c8b28cbb25850714649ec0c2c0
SHA1

6da8fcb73665f1f3fde8ecaaaf80970ade5bf9a7
SHA256

51a979eedcdc9805fe0f11f557b28baeb9950cb1a2afca366a0b37e2a7842b6e
SHA512

b43ea670528b26bf48e50f3048173f6a73efc1b292d46a7397b3fe5a43d9bb7bd3ff76a3a59a48636fb63861156417dffc5a137da8001f1869cac0822bb3429c
SSDEEP

6144:kplf4SltGiDOE961LDGoMNgFiqoJdJx1FNmZoOb/tXLcfv2mAJdXgy21:Ofhlt7DOE961LDGtLfqZoOj1LYAJdB

Score

10^/10

isrstealer collection persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

51a979eedcdc9805fe0f11f557b28baeb9950cb1a2afca366a0b37e2a7842b6e.exe

Resource

win7-20221111-en

isrstealer collection persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

51a979eedcdc9805fe0f11f557b28baeb9950cb1a2afca366a0b37e2a7842b6e.exe

Resource

win10v2004-20220812-en

isrstealer collection persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  51a979eedcdc9805fe0f11f557b28baeb9950cb1a2afca366a0b37e2a7842b6e
- Size
  
  346KB
- MD5
  
  88e068c8b28cbb25850714649ec0c2c0
- SHA1
  
  6da8fcb73665f1f3fde8ecaaaf80970ade5bf9a7
- SHA256
  
  51a979eedcdc9805fe0f11f557b28baeb9950cb1a2afca366a0b37e2a7842b6e
- SHA512
  
  b43ea670528b26bf48e50f3048173f6a73efc1b292d46a7397b3fe5a43d9bb7bd3ff76a3a59a48636fb63861156417dffc5a137da8001f1869cac0822bb3429c
- SSDEEP
  
  6144:kplf4SltGiDOE961LDGoMNgFiqoJdJx1FNmZoOb/tXLcfv2mAJdXgy21:Ofhlt7DOE961LDGtLfqZoOj1LYAJdB
Score

10^/10

isrstealer collection persistence stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionpersistencestealertrojanupx

behavioral2

isrstealercollectionpersistencestealertrojanupx

© 2018-2025

Terms | Privacy