isrstealer | 764707b35588d5f7115cf414a042d0f5d0e49b34dfc2d88e5a279ed1339dd3a6

General

Target

764707b35588d5f7115cf414a042d0f5d0e49b34dfc2d88e5a279ed1339dd3a6
Size

6.9MB
Sample

221202-23hwnsgb5v
MD5

5440281fafbdd4309fc5fb1724af11d2
SHA1

14a521a069a5d0099ca454fc0b2aa740b7b41fc7
SHA256

764707b35588d5f7115cf414a042d0f5d0e49b34dfc2d88e5a279ed1339dd3a6
SHA512

c6079f9ce8fe8ebbc39b84014bc955d8d732e60ff663bea342850241df9faaeed2331c0ed26bf52f92f1d6d9eaf833b2e9d599bbca4115f21c4d223918f633f4
SSDEEP

196608:ycnG9S9X4YJbM5M6i4XvLsLvZLCmyhh4Gt/OvnxusX7:NnG96q5M6irhmmyhhncn5r

Score

10^/10

Malware Config

Targets

- Target
  
  764707b35588d5f7115cf414a042d0f5d0e49b34dfc2d88e5a279ed1339dd3a6
- Size
  
  6.9MB
- MD5
  
  5440281fafbdd4309fc5fb1724af11d2
- SHA1
  
  14a521a069a5d0099ca454fc0b2aa740b7b41fc7
- SHA256
  
  764707b35588d5f7115cf414a042d0f5d0e49b34dfc2d88e5a279ed1339dd3a6
- SHA512
  
  c6079f9ce8fe8ebbc39b84014bc955d8d732e60ff663bea342850241df9faaeed2331c0ed26bf52f92f1d6d9eaf833b2e9d599bbca4115f21c4d223918f633f4
- SSDEEP
  
  196608:ycnG9S9X4YJbM5M6i4XvLsLvZLCmyhh4Gt/OvnxusX7:NnG96q5M6irhmmyhhncn5r
Score

10^/10

isrstealer aspackv2 spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ISR Stealer

ISR Stealer payload

ASPack v2.12-2.42

Executes dropped EXE

UPX packed file

Checks computer location settings

Loads dropped DLL

Reads data files stored by FTP clients

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2