isrstealer | 84f05dc3388e320815b9b4213746055bf5fed22e284808f262d6b2fade256a49 | Triage

Submit
Reports

Overview

overview

Static

static

84f05dc338...49.exe

windows7-x64

84f05dc338...49.exe

windows10-2004-x64

Sharing

General

Target

84f05dc3388e320815b9b4213746055bf5fed22e284808f262d6b2fade256a49
Size

396KB
Sample

221128-w2gz4abd51
MD5

a8ef2d5e506116cae0588c134067e490
SHA1

3501032b5e4dce90617788656d45724379c461aa
SHA256

84f05dc3388e320815b9b4213746055bf5fed22e284808f262d6b2fade256a49
SHA512

15351b82a74d8131a6fa2c605c0fef357b6659d9980ee36bae2e4661dd4b688ffce23463afb75169bdbd1dac36e30ec3169e31c86cb0b1ca27b6ce774cb71938
SSDEEP

12288:1sW8WRB7+0RDWj0h349/rC7Yt4ufjkz7hZJFiUzEA52JjH:yuRJ+tj0349/CaVgHhZJpn2JL

Score

10^/10

isrstealer collection persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

84f05dc3388e320815b9b4213746055bf5fed22e284808f262d6b2fade256a49.exe

Resource

win7-20221111-en

isrstealer stealer trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

84f05dc3388e320815b9b4213746055bf5fed22e284808f262d6b2fade256a49.exe

Resource

win10v2004-20221111-en

isrstealer collection persistence stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  84f05dc3388e320815b9b4213746055bf5fed22e284808f262d6b2fade256a49
- Size
  
  396KB
- MD5
  
  a8ef2d5e506116cae0588c134067e490
- SHA1
  
  3501032b5e4dce90617788656d45724379c461aa
- SHA256
  
  84f05dc3388e320815b9b4213746055bf5fed22e284808f262d6b2fade256a49
- SHA512
  
  15351b82a74d8131a6fa2c605c0fef357b6659d9980ee36bae2e4661dd4b688ffce23463afb75169bdbd1dac36e30ec3169e31c86cb0b1ca27b6ce774cb71938
- SSDEEP
  
  12288:1sW8WRB7+0RDWj0h349/rC7Yt4ufjkz7hZJFiUzEA52JjH:yuRJ+tj0349/CaVgHhZJpn2JL
Score

10^/10

isrstealer stealer trojan collection persistence upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook accounts
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerstealertrojan

behavioral2

isrstealercollectionpersistencestealertrojanupx

© 2018-2025

Terms | Privacy