isrstealer | dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af | Triage

Submit
Reports

Overview

overview

Static

static

dff4e9f059...af.exe

windows7-x64

dff4e9f059...af.exe

windows10-2004-x64

3

Sharing

General

Target

dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af
Size

591KB
Sample

221206-mfjgcshc65
MD5

0834efddb9435dded5c3da54ff228b20
SHA1

424842ccd83bc89aa5b71a6d1ba6d7313106e815
SHA256

dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af
SHA512

a329760633a75654ee9e4fe0c641a8d2752188b79b022367cee9345722279d8329ab7c761dca9ec50527dc0f070dbb049f0944cd697521054f40ae3c26b423a2
SSDEEP

12288:f4To2d5Ji5By5e3Vw/s2l7rsZf/XPxGDyXSMCE4adjkp3bWW9:b2d5Ji5C8VwUD/xGuiGG5d

Score

10^/10

isrstealer collection stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af.exe

Resource

win7-20220901-en

isrstealer collection stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af
- Size
  
  591KB
- MD5
  
  0834efddb9435dded5c3da54ff228b20
- SHA1
  
  424842ccd83bc89aa5b71a6d1ba6d7313106e815
- SHA256
  
  dff4e9f059ac7d25232de9806801285c91c9672c06f116393019e27ea93a22af
- SHA512
  
  a329760633a75654ee9e4fe0c641a8d2752188b79b022367cee9345722279d8329ab7c761dca9ec50527dc0f070dbb049f0944cd697521054f40ae3c26b423a2
- SSDEEP
  
  12288:f4To2d5Ji5By5e3Vw/s2l7rsZf/XPxGDyXSMCE4adjkp3bWW9:b2d5Ji5C8VwUD/xGuiGG5d
Score

10^/10

isrstealer collection stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealercollectionstealertrojanupx

behavioral2

© 2018-2025

Terms | Privacy