isrstealer | 11fdd2652e2b36df980e0ca3bc3416f62ef6096ed87d6f2d94bf78a3a4d0ab5d

Analysis

max time kernel
155s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2024 05:35

Target

482a4a14aa0ecf3db534b4f6e7991b46.exe
Size

432KB
MD5

482a4a14aa0ecf3db534b4f6e7991b46
SHA1

60da5b5530f8001e317660bc049ab061acc1af08
SHA256

11fdd2652e2b36df980e0ca3bc3416f62ef6096ed87d6f2d94bf78a3a4d0ab5d
SHA512

d6af301949b8f542748c02c7efca4ce34dd7ee7afdf1529ecac07eb402f5310e27061c7b9871fe6de9f229bcc6b0e62ab62f0624ee55eadb450c50236149f283
SSDEEP

6144:KIKQFmru0cdPj+13ndRRjrSBWTvOdzx1Xc1s83nlUJpn00D81L0Xmx/sMPfbVvlV:VLdPjwdT3SCu1MS8VO6/ZfJ97f1yqn

Score

10^/10

ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
trojan stealer isrstealer

ISR Stealer payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2484-9-0x0000000000A30000-0x0000000000A81000-memory.dmp	family_isrstealer

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

482a4a14aa0ecf3db534b4f6e7991b46.exe

description	pid	Process	procid_target
PID 2484 wrote to memory of 4520	2484	482a4a14aa0ecf3db534b4f6e7991b46.exe	96
PID 2484 wrote to memory of 4520	2484	482a4a14aa0ecf3db534b4f6e7991b46.exe	96
PID 2484 wrote to memory of 4520	2484	482a4a14aa0ecf3db534b4f6e7991b46.exe	96

C:\Users\Admin\AppData\Local\Temp\482a4a14aa0ecf3db534b4f6e7991b46.exe
"C:\Users\Admin\AppData\Local\Temp\482a4a14aa0ecf3db534b4f6e7991b46.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  PID:4520

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2484-0-0x00007FFB69190000-0x00007FFB69B31000-memory.dmp

Filesize
9.6MB

Download
memory/2484-1-0x00007FFB69190000-0x00007FFB69B31000-memory.dmp

Filesize
9.6MB

Download
memory/2484-2-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2484-3-0x000000001B9F0000-0x000000001BEBE000-memory.dmp

Filesize
4.8MB

Download
memory/2484-4-0x000000001B3B0000-0x000000001B456000-memory.dmp

Filesize
664KB

Download
memory/2484-5-0x00007FFB69190000-0x00007FFB69B31000-memory.dmp

Filesize
9.6MB

Download
memory/2484-6-0x00007FFB69190000-0x00007FFB69B31000-memory.dmp

Filesize
9.6MB

Download
memory/2484-7-0x000000001B460000-0x000000001B4CC000-memory.dmp

Filesize
432KB

Download
memory/2484-8-0x0000000000EE0000-0x0000000000EF0000-memory.dmp

Filesize
64KB

Download
memory/2484-9-0x0000000000A30000-0x0000000000A81000-memory.dmp

Filesize
324KB

Download
memory/2484-11-0x00007FFB69190000-0x00007FFB69B31000-memory.dmp

Filesize
9.6MB

Download