isrstealer | c9c15c614ea8a43be81ad6da31b320a1577f142ee1ec84e498bede89d360bdb3 | Triage

Submit
Reports

Overview

overview

Static

static

c9c15c614e...b3.exe

windows7-x64

c9c15c614e...b3.exe

windows10-2004-x64

Sharing

General

Target

c9c15c614ea8a43be81ad6da31b320a1577f142ee1ec84e498bede89d360bdb3
Size

480KB
Sample

230129-hpyv7aec2v
MD5

84730977d3c5921ce72f06569e0303d7
SHA1

0136a583df02745bdc1bbef21e6bf395a07a87ab
SHA256

c9c15c614ea8a43be81ad6da31b320a1577f142ee1ec84e498bede89d360bdb3
SHA512

9f4b3eecb443f0b7b8cfc30dec73a2e04d639406e6c7c945382173d8bd11d12d28bb9e4888469ea0873e8f0c5b43ec0e9f3b6688afb8242dec451a353aa9e368
SSDEEP

12288:diJu+2t874tMkvsVSKgMG5PJVSiFCtDM:druNMMG5nSiFCtD

Score

10^/10

isrstealer persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

c9c15c614ea8a43be81ad6da31b320a1577f142ee1ec84e498bede89d360bdb3.exe

Resource

win7-20220901-en

isrstealer persistence spyware stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c9c15c614ea8a43be81ad6da31b320a1577f142ee1ec84e498bede89d360bdb3.exe

Resource

win10v2004-20221111-en

isrstealer spyware stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  c9c15c614ea8a43be81ad6da31b320a1577f142ee1ec84e498bede89d360bdb3
- Size
  
  480KB
- MD5
  
  84730977d3c5921ce72f06569e0303d7
- SHA1
  
  0136a583df02745bdc1bbef21e6bf395a07a87ab
- SHA256
  
  c9c15c614ea8a43be81ad6da31b320a1577f142ee1ec84e498bede89d360bdb3
- SHA512
  
  9f4b3eecb443f0b7b8cfc30dec73a2e04d639406e6c7c945382173d8bd11d12d28bb9e4888469ea0873e8f0c5b43ec0e9f3b6688afb8242dec451a353aa9e368
- SSDEEP
  
  12288:diJu+2t874tMkvsVSKgMG5PJVSiFCtDM:druNMMG5nSiFCtD
Score

10^/10

isrstealer persistence spyware stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerpersistencespywarestealertrojanupx

behavioral2

isrstealerspywarestealertrojanupx

© 2018-2024

Terms | Privacy