isrstealer | a16ab86b4556c174f4a6c3a6d7f1de6b4635aaffd3db3907d7256adab6ad4ee9 | Triage

Submit
Reports

Overview

overview

Static

static

a16ab86b45...e9.exe

windows7-x64

a16ab86b45...e9.exe

windows10-2004-x64

Sharing

General

Target

a16ab86b4556c174f4a6c3a6d7f1de6b4635aaffd3db3907d7256adab6ad4ee9
Size

258KB
Sample

221206-zkt5waca37
MD5

0b0876ba39bc777d1f06ee285b64f29a
SHA1

9ddd982d9cfdbf838a931f7769b613117c144043
SHA256

a16ab86b4556c174f4a6c3a6d7f1de6b4635aaffd3db3907d7256adab6ad4ee9
SHA512

2c50fc1541beb169f861e50b0181734c30c9b87216e05093da680ac37b8775923ffa282f0dfef3c9c3da887325c3b8e5312ea8c52cd8b2864acfe1cc783435ea
SSDEEP

3072:SzmLkZ7Dmi9qyonfftoUvTOZYFoO6ovQyaTOvn3qUM7JIud2kc1gBPQW+hKqfS7:gfIyonfjiGFo0IyPvn3n4yLkLBPQW+f

Score

10^/10

isrstealer persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a16ab86b4556c174f4a6c3a6d7f1de6b4635aaffd3db3907d7256adab6ad4ee9.exe

Resource

win7-20221111-en

isrstealer persistence stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

a16ab86b4556c174f4a6c3a6d7f1de6b4635aaffd3db3907d7256adab6ad4ee9.exe

Resource

win10v2004-20220901-en

isrstealer persistence stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a16ab86b4556c174f4a6c3a6d7f1de6b4635aaffd3db3907d7256adab6ad4ee9
- Size
  
  258KB
- MD5
  
  0b0876ba39bc777d1f06ee285b64f29a
- SHA1
  
  9ddd982d9cfdbf838a931f7769b613117c144043
- SHA256
  
  a16ab86b4556c174f4a6c3a6d7f1de6b4635aaffd3db3907d7256adab6ad4ee9
- SHA512
  
  2c50fc1541beb169f861e50b0181734c30c9b87216e05093da680ac37b8775923ffa282f0dfef3c9c3da887325c3b8e5312ea8c52cd8b2864acfe1cc783435ea
- SSDEEP
  
  3072:SzmLkZ7Dmi9qyonfftoUvTOZYFoO6ovQyaTOvn3qUM7JIud2kc1gBPQW+hKqfS7:gfIyonfjiGFo0IyPvn3n4yLkLBPQW+f
Score

10^/10

isrstealer persistence stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerpersistencestealertrojan

behavioral2

isrstealerpersistencestealertrojan

© 2018-2025

Terms | Privacy