isrstealer | 4ce1b099d3e0a4198602e797e38e3cf183edcf26c6c911a725146d41b7917eae | Triage

Submit
Reports

Overview

overview

Static

static

4ce1b099d3...ae.exe

windows7-x64

4ce1b099d3...ae.exe

windows10-2004-x64

Sharing

General

Target

4ce1b099d3e0a4198602e797e38e3cf183edcf26c6c911a725146d41b7917eae
Size

567KB
Sample

221128-mr16jsgc59
MD5

481ed407e75685b552fc1fd9fb5eca38
SHA1

5af33a34ce57af7387eb379e3d5ab8b450e5f3b0
SHA256

4ce1b099d3e0a4198602e797e38e3cf183edcf26c6c911a725146d41b7917eae
SHA512

c36e01cdc58991f0cddb7c80ad4bb06b18d95c09f8109b1b36e7343fc0705c9ded9f075d7e06f209d033e37aba17f7117c95741886f305f7c0cc9bc92fa8ab10
SSDEEP

12288:odS/kWXb+BSC9GKhTej/NM7N2BMYAx7DrT6lnd1G7p:CScmkSC9Gx/NM7N2mYizZp

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

4ce1b099d3e0a4198602e797e38e3cf183edcf26c6c911a725146d41b7917eae.exe

Resource

win7-20221111-en

isrstealer collection stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ce1b099d3e0a4198602e797e38e3cf183edcf26c6c911a725146d41b7917eae.exe

Resource

win10v2004-20220812-en

isrstealer collection stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4ce1b099d3e0a4198602e797e38e3cf183edcf26c6c911a725146d41b7917eae
- Size
  
  567KB
- MD5
  
  481ed407e75685b552fc1fd9fb5eca38
- SHA1
  
  5af33a34ce57af7387eb379e3d5ab8b450e5f3b0
- SHA256
  
  4ce1b099d3e0a4198602e797e38e3cf183edcf26c6c911a725146d41b7917eae
- SHA512
  
  c36e01cdc58991f0cddb7c80ad4bb06b18d95c09f8109b1b36e7343fc0705c9ded9f075d7e06f209d033e37aba17f7117c95741886f305f7c0cc9bc92fa8ab10
- SSDEEP
  
  12288:odS/kWXb+BSC9GKhTej/NM7N2BMYAx7DrT6lnd1G7p:CScmkSC9Gx/NM7N2mYizZp
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy