isrstealer | 0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6 | Triage

Submit
Reports

Overview

overview

Static

static

7

0f4810f7fb...c6.exe

windows7-x64

0f4810f7fb...c6.exe

windows10-2004-x64

Sharing

General

Target

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
Size

552KB
Sample

221128-nc2zzaea8s
MD5

71ee4719874a577f4aacabe52668f341
SHA1

4e61f9699f3ff32871b493fcda3ee134d681a64a
SHA256

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
SHA512

147fd4618892c26ae9d00bee91416e3697b7e656cba21bd5fdd168e23026f7db70cfd1eadf8957b690152e31ac852c67d80d829142a47b5ab0fc7fa4fdd2096b
SSDEEP

6144:DooqCevklyNpFiq+6sqjBkEs2P+avFpPK39pe58EJGGdYBZvd9OVqq65scTiK/Rd:D6ZkENWgtvrwpeaHgS/OVqqys5DYH

Score

10^/10

isrstealer agilenet stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6.exe

Resource

win7-20221111-en

isrstealer stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6.exe

Resource

win10v2004-20221111-en

isrstealer stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
- Size
  
  552KB
- MD5
  
  71ee4719874a577f4aacabe52668f341
- SHA1
  
  4e61f9699f3ff32871b493fcda3ee134d681a64a
- SHA256
  
  0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
- SHA512
  
  147fd4618892c26ae9d00bee91416e3697b7e656cba21bd5fdd168e23026f7db70cfd1eadf8957b690152e31ac852c67d80d829142a47b5ab0fc7fa4fdd2096b
- SSDEEP
  
  6144:DooqCevklyNpFiq+6sqjBkEs2P+avFpPK39pe58EJGGdYBZvd9OVqq65scTiK/Rd:D6ZkENWgtvrwpeaHgS/OVqqys5DYH
Score

10^/10

isrstealer stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

isrstealerstealertrojan

behavioral2

isrstealerstealertrojan

© 2018-2024

Terms | Privacy