isrstealer | a4c3779c665ff0b55ad100d952211b8a0d7d063764ad85811e239124535d6cc9 | Triage

Submit
Reports

Overview

overview

Static

static

3

2de955495a...1a.exe

windows7-x64

2de955495a...1a.exe

windows10-2004-x64

Sharing

General

Target

2de955495a987336b32f27d3e84d8c1a
Size

205KB
Sample

231231-jl8fwsdbe3
MD5

2de955495a987336b32f27d3e84d8c1a
SHA1

7609b0324872ebdd2e74f485ca0bba8dfa30cff9
SHA256

a4c3779c665ff0b55ad100d952211b8a0d7d063764ad85811e239124535d6cc9
SHA512

8b717fd9da4d56f5a680b82822c8c063f7766d5f6d45fd90c0850852594e5ccb722c2528945a08497c672764919dacdcb666463f1bbd2f5075212c5393b3c59a
SSDEEP

3072:JM2kKQtv3vwsyclCPCRnglKDqvTQCfzRaPP8/eR:oJv/ws6PCBgkDSYF

Score

10^/10

isrstealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2de955495a987336b32f27d3e84d8c1a.exe

Resource

win7-20231215-en

isrstealer persistence stealer trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2de955495a987336b32f27d3e84d8c1a.exe

Resource

win10v2004-20231222-en

isrstealer persistence stealer trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  2de955495a987336b32f27d3e84d8c1a
- Size
  
  205KB
- MD5
  
  2de955495a987336b32f27d3e84d8c1a
- SHA1
  
  7609b0324872ebdd2e74f485ca0bba8dfa30cff9
- SHA256
  
  a4c3779c665ff0b55ad100d952211b8a0d7d063764ad85811e239124535d6cc9
- SHA512
  
  8b717fd9da4d56f5a680b82822c8c063f7766d5f6d45fd90c0850852594e5ccb722c2528945a08497c672764919dacdcb666463f1bbd2f5075212c5393b3c59a
- SSDEEP
  
  3072:JM2kKQtv3vwsyclCPCRnglKDqvTQCfzRaPP8/eR:oJv/ws6PCBgkDSYF
Score

10^/10

isrstealer persistence stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scripting

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

isrstealerpersistencestealertrojan

behavioral2

isrstealerpersistencestealertrojan

© 2018-2024

Terms | Privacy