isrstealer | 61ba14e415c7c25cb55814c83b8921907c3d0cb24fe8ebe4e2d79d1d7f9f0ded | Triage

Submit
Reports

Overview

overview

Static

static

3

572b0a1dc3...72.exe

windows7-x64

572b0a1dc3...72.exe

windows10-2004-x64

Sharing

General

Target

572b0a1dc3f6452bd60bc4c2271fa972
Size

264KB
Sample

240112-wzmgssdgg3
MD5

572b0a1dc3f6452bd60bc4c2271fa972
SHA1

f4560af2b524b8a1fd4d6196187ad38d4aa28b39
SHA256

61ba14e415c7c25cb55814c83b8921907c3d0cb24fe8ebe4e2d79d1d7f9f0ded
SHA512

e3c4d319d34a586578155948722c0403c5a42e9a7e32fddd82e3733653ba587bc8df9012eb322bf3946ad83b561a275b5b0686abce543efaa6a94e4a6ef022eb
SSDEEP

6144:PlC7pFKGULN4W420m8nCBozjrSPq0jGJxKZuW:spUNO20m8nCBTd

Score

10^/10

isrstealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

572b0a1dc3f6452bd60bc4c2271fa972.exe

Resource

win7-20231129-en

isrstealer spyware stealer trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

572b0a1dc3f6452bd60bc4c2271fa972.exe

Resource

win10v2004-20231215-en

isrstealer spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  572b0a1dc3f6452bd60bc4c2271fa972
- Size
  
  264KB
- MD5
  
  572b0a1dc3f6452bd60bc4c2271fa972
- SHA1
  
  f4560af2b524b8a1fd4d6196187ad38d4aa28b39
- SHA256
  
  61ba14e415c7c25cb55814c83b8921907c3d0cb24fe8ebe4e2d79d1d7f9f0ded
- SHA512
  
  e3c4d319d34a586578155948722c0403c5a42e9a7e32fddd82e3733653ba587bc8df9012eb322bf3946ad83b561a275b5b0686abce543efaa6a94e4a6ef022eb
- SSDEEP
  
  6144:PlC7pFKGULN4W420m8nCBozjrSPq0jGJxKZuW:spUNO20m8nCBTd
Score

10^/10

isrstealer spyware stealer trojan
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

isrstealerspywarestealertrojan

behavioral2

isrstealerspywarestealertrojan

© 2018-2024

Terms | Privacy