isrstealer | b65bddfdd38dcb5273f352520fb73d291ee8d33a29281a3c44d8b05fd9c86c84 | Triage

Submit
Reports

Overview

overview

Static

static

3

activsky.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_b8273d82958aad1a45b0bc74b081630d
Size

1.2MB
Sample

250414-sfsmxszjt4
MD5

b8273d82958aad1a45b0bc74b081630d
SHA1

caf8318ec1d042ebf1e6957ccd02cdb25f2ab908
SHA256

b65bddfdd38dcb5273f352520fb73d291ee8d33a29281a3c44d8b05fd9c86c84
SHA512

a0df00272b979e28fbe79202f225f2a127a735cb440b91381fd867bef13cbf5ed4c69338e5575eb06a756d86ae4db6c318c6a254d97c522428a96234482f34ab
SSDEEP

24576:pOE3ntrIo6ghdFxR4Afc9KAF6tEgRHKYAGBO3W1AgXGxXb+DxZ5R4ay:kE3tN134AfkKG6BvAuOQA/xXYxv1y

Score

10^/10

isrstealer discovery stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

activsky.exe

Resource

win10v2004-20250410-en

isrstealer discovery stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  activsky.exe
- Size
  
  1.3MB
- MD5
  
  6ae22628035c2a1876b004ecd790fb71
- SHA1
  
  7a5fa1a07f8618b53c9f82b2dab9b776aebc28a7
- SHA256
  
  43181188b83edadb44e2b8e3c68712031dbe0e74f5842eb13165479e0a6b5be2
- SHA512
  
  5fac40cd6c31bf77898db633e1b15193da0ecc5f34c0b473396fa6d1cfd4683c37738b4c1d45333b039dd1efe4fca2c1e57693d0cc65d10db735289b5ce64948
- SSDEEP
  
  24576:0njz8owghhbbR4EdchKOCF2tEgXHKOYsuM3WBA0XGDXd+DxR5R8a6:0j/zt4EdWKn2nNYsuMuALDXuxnN6
Score

10^/10

isrstealer discovery stealer trojan upx
- ISR Stealer
  ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
  trojan stealer isrstealer
- ISR Stealer payload
- Isrstealer family
  isrstealer
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

isrstealerdiscoverystealertrojanupx

© 2018-2025

Terms | Privacy