isrstealer | 0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6 | Triage

Submit
Reports

Overview

overview

Static

static

7

0f4810f7fb...c6.exe

windows7-x64

0f4810f7fb...c6.exe

windows10-2004-x64

Sharing

General

Target

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
Size

552KB
Sample

221128-nc2zzaea8s
MD5

71ee4719874a577f4aacabe52668f341
SHA1

4e61f9699f3ff32871b493fcda3ee134d681a64a
SHA256

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
SHA512

147fd4618892c26ae9d00bee91416e3697b7e656cba21bd5fdd168e23026f7db70cfd1eadf8957b690152e31ac852c67d80d829142a47b5ab0fc7fa4fdd2096b
SSDEEP

6144:DooqCevklyNpFiq+6sqjBkEs2P+avFpPK39pe58EJGGdYBZvd9OVqq65scTiK/Rd:D6ZkENWgtvrwpeaHgS/OVqqys5DYH

Score

10^/10

isrstealer agilenet stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6.exe

Resource

win7-20221111-en

isrstealer stealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6.exe

Resource

win10v2004-20221111-en

isrstealer stealer trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
- Size
  
  552KB
- MD5
  
  71ee4719874a577f4aacabe52668f341
- SHA1
  
  4e61f9699f3ff32871b493fcda3ee134d681a64a
- SHA256
  
  0f4810f7fb8e05a70ab4c3ea5fb8b9f598ec8221541f0627acebf851cb1c1dc6
- SHA512
  
  147fd4618892c26ae9d00bee91416e3697b7e656cba21bd5fdd168e23026f7db70cfd1eadf8957b690152e31ac852c67d80d829142a47b5ab0fc7fa4fdd2096b
- SSDEEP
  
  6144:DooqCevklyNpFiq+6sqjBkEs2P+avFpPK39pe58EJGGdYBZvd9OVqq65scTiK/Rd:D6ZkENWgtvrwpeaHgS/OVqqys5DYH
Score

10^/10

isrstealer stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojan

behavioral2

isrstealerstealertrojan

© 2018-2025

Terms | Privacy