isrstealer | a98b92e0f48f383d15b39290e98069fb13ec3bc52451cbc927b6988e99126f68 | Triage

Submit
Reports

Overview

overview

Static

static

a98b92e0f4...68.exe

windows7-x64

a98b92e0f4...68.exe

windows10-2004-x64

Sharing

General

Target

a98b92e0f48f383d15b39290e98069fb13ec3bc52451cbc927b6988e99126f68
Size

1005KB
Sample

221128-v4ky4age2w
MD5

2d7e8e8cdeeaca9f5027dee94d7c1d5d
SHA1

676ce435617ad00f570feaef0074c30d0526ba4b
SHA256

a98b92e0f48f383d15b39290e98069fb13ec3bc52451cbc927b6988e99126f68
SHA512

54ffa24395e8dd73dd0bb448c15b53ad465254ab694a924919d2aab297381ed39d1a01da77d1192c90e0816b4e80abc5d445966a1efa5f75bbfcb6cd8677d93b
SSDEEP

24576:YgWEXtey6BxhWU5951duuNACzX/QmLTt2Dp49JRxkHOh:/WWoBHx51dBNAit2N49Nk

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

a98b92e0f48f383d15b39290e98069fb13ec3bc52451cbc927b6988e99126f68.exe

Resource

win7-20220812-en

isrstealer collection stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

a98b92e0f48f383d15b39290e98069fb13ec3bc52451cbc927b6988e99126f68.exe

Resource

win10v2004-20220812-en

isrstealer collection stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a98b92e0f48f383d15b39290e98069fb13ec3bc52451cbc927b6988e99126f68
- Size
  
  1005KB
- MD5
  
  2d7e8e8cdeeaca9f5027dee94d7c1d5d
- SHA1
  
  676ce435617ad00f570feaef0074c30d0526ba4b
- SHA256
  
  a98b92e0f48f383d15b39290e98069fb13ec3bc52451cbc927b6988e99126f68
- SHA512
  
  54ffa24395e8dd73dd0bb448c15b53ad465254ab694a924919d2aab297381ed39d1a01da77d1192c90e0816b4e80abc5d445966a1efa5f75bbfcb6cd8677d93b
- SSDEEP
  
  24576:YgWEXtey6BxhWU5951duuNACzX/QmLTt2Dp49JRxkHOh:/WWoBHx51dBNAit2N49Nk
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

isrstealercollectionstealertrojanupx

© 2018-2025

Terms | Privacy