isrstealer | db84e18be1fbebc285a4c8f2f7ece79940b7a681172f6d38e382916dc33368b4

General

Target

db84e18be1fbebc285a4c8f2f7ece79940b7a681172f6d38e382916dc33368b4
Size

703KB
Sample

221129-m2967scd29
MD5

19267e9740aa0b82458d47205147d260
SHA1

dfd35f3b69bbe3a9b5c4da7ecce400bddd031cea
SHA256

db84e18be1fbebc285a4c8f2f7ece79940b7a681172f6d38e382916dc33368b4
SHA512

2096e7a2907781990f0122ba15a6fb024c7b62656e94abd6dc2b41e33617fe393079ada21ba3f925aad2d629d2c00b22c69f9ebf27bd56b0c653e86253b9c0e4
SSDEEP

12288:Bxb7DuiQkDYtkE+18hf9h3T5KT3F+4tLLHj5F/Vd4fXVqh:ffTQkD3EkSP3AV7hdui

Score

10^/10

Malware Config

Targets

- Target
  
  db84e18be1fbebc285a4c8f2f7ece79940b7a681172f6d38e382916dc33368b4
- Size
  
  703KB
- MD5
  
  19267e9740aa0b82458d47205147d260
- SHA1
  
  dfd35f3b69bbe3a9b5c4da7ecce400bddd031cea
- SHA256
  
  db84e18be1fbebc285a4c8f2f7ece79940b7a681172f6d38e382916dc33368b4
- SHA512
  
  2096e7a2907781990f0122ba15a6fb024c7b62656e94abd6dc2b41e33617fe393079ada21ba3f925aad2d629d2c00b22c69f9ebf27bd56b0c653e86253b9c0e4
- SSDEEP
  
  12288:Bxb7DuiQkDYtkE+18hf9h3T5KT3F+4tLLHj5F/Vd4fXVqh:ffTQkD3EkSP3AV7hdui
Score

10^/10

isrstealer aspackv2 collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

NirSoft MailPassView

NirSoft WebBrowserPassView

Nirsoft

ASPack v2.12-2.42

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Accesses Microsoft Outlook accounts

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2