isrstealer | 0273f419416b2626a6047a1b848ca818e40f20be4be075237ebf02ea3ce381ab | Triage

Submit
Reports

Overview

overview

Static

static

0273f41941...ab.exe

windows7-x64

0273f41941...ab.exe

windows10-2004-x64

Sharing

General

Target

0273f419416b2626a6047a1b848ca818e40f20be4be075237ebf02ea3ce381ab
Size

799KB
Sample

221127-wt6ngsgg55
MD5

67cb4b511fa77b68a2113ff100c19d3b
SHA1

149295633667f97ecaa61ad40d2643595175f262
SHA256

0273f419416b2626a6047a1b848ca818e40f20be4be075237ebf02ea3ce381ab
SHA512

d315d773a9800f3d69f22c18bf5aaf9935578a2283db695631389d8469fcfa7d6e94bdce894bd0f3f660721f6ae024203477b5567d188de7f25fc3680beb60a0
SSDEEP

12288:yDwlmijm7u6o2t8ZrZ0ULh//VauajOtAIqXb75idAPcQcguD4FPQxPfOAzfiS/JN:WV4vDrFVaJqaIqrUAMB4FPQxJ/J0T

Score

10^/10

isrstealer persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0273f419416b2626a6047a1b848ca818e40f20be4be075237ebf02ea3ce381ab.exe

Resource

win7-20220812-en

isrstealer persistence stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

0273f419416b2626a6047a1b848ca818e40f20be4be075237ebf02ea3ce381ab.exe

Resource

win10v2004-20220812-en

isrstealer persistence stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  0273f419416b2626a6047a1b848ca818e40f20be4be075237ebf02ea3ce381ab
- Size
  
  799KB
- MD5
  
  67cb4b511fa77b68a2113ff100c19d3b
- SHA1
  
  149295633667f97ecaa61ad40d2643595175f262
- SHA256
  
  0273f419416b2626a6047a1b848ca818e40f20be4be075237ebf02ea3ce381ab
- SHA512
  
  d315d773a9800f3d69f22c18bf5aaf9935578a2283db695631389d8469fcfa7d6e94bdce894bd0f3f660721f6ae024203477b5567d188de7f25fc3680beb60a0
- SSDEEP
  
  12288:yDwlmijm7u6o2t8ZrZ0ULh//VauajOtAIqXb75idAPcQcguD4FPQxPfOAzfiS/JN:WV4vDrFVaJqaIqrUAMB4FPQxJ/J0T
Score

10^/10

isrstealer persistence stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerpersistencestealertrojan

behavioral2

isrstealerpersistencestealertrojan

© 2018-2025

Terms | Privacy