isrstealer | f8db5d2cad6f10867133309260241c56f5fd5339b1b44b99202d595d489466e2 | Triage

Submit
Reports

Overview

overview

Static

static

f8db5d2cad...e2.exe

windows7-x64

f8db5d2cad...e2.exe

windows10-2004-x64

Sharing

General

Target

f8db5d2cad6f10867133309260241c56f5fd5339b1b44b99202d595d489466e2
Size

476KB
Sample

221201-h6rs7sfc29
MD5

6741dc5ddd491db2b326f0fcad0b4790
SHA1

4bd15a7d6b0f8245552b7b3dac53d83c6787758e
SHA256

f8db5d2cad6f10867133309260241c56f5fd5339b1b44b99202d595d489466e2
SHA512

4ba04046ef6bb9d6a7da0f9888dc795fc40b7ae8ddfbd1a8ae9e6dba8b3b4f5b7257484734ac72db87c18a4c309aa292fe90ff832ef95f959b6b263b19de1d85
SSDEEP

12288:n9eKNv21hW2RuTX0AahjA0OBmu96LFFt:IKNu1gVX01hjaBr6X

Score

10^/10

isrstealer persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

f8db5d2cad6f10867133309260241c56f5fd5339b1b44b99202d595d489466e2.exe

Resource

win7-20220812-en

isrstealer persistence spyware stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8db5d2cad6f10867133309260241c56f5fd5339b1b44b99202d595d489466e2.exe

Resource

win10v2004-20220812-en

isrstealer persistence spyware stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  f8db5d2cad6f10867133309260241c56f5fd5339b1b44b99202d595d489466e2
- Size
  
  476KB
- MD5
  
  6741dc5ddd491db2b326f0fcad0b4790
- SHA1
  
  4bd15a7d6b0f8245552b7b3dac53d83c6787758e
- SHA256
  
  f8db5d2cad6f10867133309260241c56f5fd5339b1b44b99202d595d489466e2
- SHA512
  
  4ba04046ef6bb9d6a7da0f9888dc795fc40b7ae8ddfbd1a8ae9e6dba8b3b4f5b7257484734ac72db87c18a4c309aa292fe90ff832ef95f959b6b263b19de1d85
- SSDEEP
  
  12288:n9eKNv21hW2RuTX0AahjA0OBmu96LFFt:IKNu1gVX01hjaBr6X
Score

10^/10

isrstealer persistence spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerpersistencespywarestealertrojanupx

behavioral2

isrstealerpersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy