isrstealer | cdd24421fd25c2da897cd422594d0c912082644d52b1aa30e8860585b49e89c0 | Triage

Sharing

General

Target

cdd24421fd25c2da897cd422594d0c912082644d52b1aa30e8860585b49e89c0
Size

196KB
MD5

27695b62ce9d41e82a87b1baf242d230
SHA1

8d9b4fdd1b95f063a31d2a3440f0372f7b383375
SHA256

cdd24421fd25c2da897cd422594d0c912082644d52b1aa30e8860585b49e89c0
SHA512

d4df5d9b2bf4bacc00379739225b57143ac6066d8d90b746b72314e315a0e0ab5026cd0e3c0ed58dcd143fe31606a4f8daeedf2dcb8fdca94edd3fc13b33cba2
SSDEEP

3072:tTqPRzyeIKDWx85IOlKeJVos/8eRwXiUUAdV95I4Rp+LH1xrl3Ez8ub8Xr:tTqPRzdIKCC0ef//uXltKc+LVsz9b8

Score

10^/10

isrstealer

Malware Config

Signatures

ISR Stealer payload 1 IoCs

resource	yara_rule
sample	family_isrstealer

Isrstealer family
isrstealer

Files

cdd24421fd25c2da897cd422594d0c912082644d52b1aa30e8860585b49e89c0
.exe windows x86

193669adbcc65a07a9715dd4832f10ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord516
ord666
ord667
ord520
ord631
ord526
EVENT_SINK_AddRef
ord529
DllFunctionCall
EVENT_SINK_Release
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord606
ord607
ord608
ord717
ProcCallEngine
ord537
ord644
ord645
ord570
ord648
ord571
ord100
ord616

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ