MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ISRStealer


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9
SHA3-384 hash: fb32e0ce98c732e7417d7a376073c424714c62f67780e41158d90eb7083028c1baa64c79b4290fa4cbe2cb0a36a4a859
SHA1 hash: 9f92ca8acce3719b534e5220a2b5c7e553a97684
MD5 hash: e8a363ee1e773f251d4bde0276dc9139
humanhash: winter-river-white-leopard
File name:2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9
Download: download sample
Signature ISRStealer
Create hunting rule
File size:1'236'954 bytes
First seen:2020-11-12 14:18:01 UTC
Last seen:2024-07-24 12:45:44 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 3eaa732d4dae53340f9646bdd85dac41 (11 x NetSupport, 6 x RedLineStealer, 4 x ISRStealer)
ssdeep 24576:oT9++p85tzMbWNlGfZ63RFov4cKs8ipYwQ5DsQgektWydh:t+p85lMbTZ6hF84RapYwQeukF
Threatray 594 similar samples on MalwareBazaar
TLSH D745CF042B58C572C20CCD3FCDB992F1AD613C50D74DC557A7BA3E3634339AAAA31AA5
Reporter seifreed
Tags:ISRStealer

Intelligence

File Origin
# of uploads :
2
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Deleting a recently created file
Launching a process
Reading critical registry keys
Creating a file in the %temp% directory
DNS request
Sending an HTTP GET request
Sending a custom TCP request
BSOD occurred
Searching for the window
Setting a single autorun event
Stealing user critical data
Enabling autorun by creating a file
Unauthorized injection to a system process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9/
Threat name:
Win32.Trojan.Uztuby
Create hunting rule
Status:
Malicious
First seen:
2020-11-12 14:21:27 UTC
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f6rfpm2foua26g4poppzsoqee3hx6sfohqes7ocuh6xu4xuz3tuq._file
Verdict:
malicious
Similar samples:
1c9ac73de149a9df1d58572db60bfa8824470f11c109ea55b91aada0d6c8a2a6
ISRStealer
38701fe4b63d1436ba2e26cc7e268327299b58bcccbf074bfb2cbbcf57ceb2ea
ISRStealer
4c4881464fd7d95cfe2d60dfd7beff8dd9c3426c15c945500db1e8714374556c
ISRStealer
4cc5f468994fd62cc832482404cfc7e45232f059b9d355d3df41535a170b3470
ISRStealer
5df16511cfa1a09aa8ee25f478d1211c8ba4612520488f8ec07826d30927df05
ISRStealer
6066b9b33c7336497e3fe0b7b0eb04c8fa8d27accdaad763658cd29865b2236e
ISRStealer
ae9576df43dd4f5e8d48c6774e7bbbd1a6baaad219c4022dd49af9fdaec57d61
ISRStealer
b06c86dae636716a828d1dcc1e56ff8d6152fedba019b8da0ba0faa45aaebbd6
ISRStealer
b78996718e94fe9cf9cc228f474b774fd7bd54133762d183ba2e6c141b3a218a
ISRStealer
c0722d0e58ef57301d0883dcddf27c8eed901c9a01b186e6b400c48f7ff6a832
ISRStealer
+ 584 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence spyware trojan upx
Link:
https://tria.ge/reports/201112-hay6h4nels/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetThreadContext
Adds Run key to start application
Checks whether UAC is enabled
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9
MD5 hash:
e8a363ee1e773f251d4bde0276dc9139
SHA1 hash:
9f92ca8acce3719b534e5220a2b5c7e553a97684
Link:
https://www.unpac.me/results/cd474991-9190-420a-92bc-5bfaaac75e28/
SH256 hash:
8a22987d4558365f70f38039b1591c44e73d53a249bfb340277e19635f95785a
MD5 hash:
3021ec1412e5b0d114df6be08b0a49c6
SHA1 hash:
858270554b640e0bb9dcc0b3e1abcce5472d8c2d
Link:
https://www.unpac.me/results/cd474991-9190-420a-92bc-5bfaaac75e28/
SH256 hash:
715472bbb65283ee8269de8b2d5f3c3284e52b5bd8022d59b87111db51be4d61
MD5 hash:
e78ad5a835a4423ddb8a1944204f21f5
SHA1 hash:
9f20909a5c25f4358e82180f3345ad974e983097
Link:
https://www.unpac.me/results/cd474991-9190-420a-92bc-5bfaaac75e28/
SH256 hash:
fa27b2b0b7b963db61725856aec82329f11af8a61ce25f94c2390440e1047755
MD5 hash:
61831b60155363591d2e71785e2a2e11
SHA1 hash:
cb3d2e29a8330e4926458acf65e2212efd027f9c
Detections:
win_isr_stealer_a0
Create hunting rule
win_isr_stealer_auto
Create hunting rule
Link:
https://www.unpac.me/results/cd474991-9190-420a-92bc-5bfaaac75e28/
Parent samples :
2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9
a742c060fde260f8c469d5dea7354bc08eeb6b7811305fd833268d2012dd9540
SH256 hash:
34e4a870213f0a360565cc7f22aa88f39068ff2ff1e5089e4ff571166eda90c9
MD5 hash:
0208c859f6da9e03bc54df7f006aa7e6
SHA1 hash:
3e98ce9290a931ab5fa015a92e5447152cf62920
Link:
https://www.unpac.me/results/cd474991-9190-420a-92bc-5bfaaac75e28/
SH256 hash:
68d2b3836067785a5cd49d5865600be455910d785d5804bd95712ad45ca570bd
MD5 hash:
5c2e3e961e093aee9a10910a9319a779
SHA1 hash:
7fd994ac92f1b9ef5179446539087bed0c266380
Link:
https://www.unpac.me/results/cd474991-9190-420a-92bc-5bfaaac75e28/
Parent samples :
78dda119ddc3b77095009f357809e3451bb897e51053601b1088ae5c61949097
4f619c7b4f54dd6ed7833880c8600334c42084a20c73d9b76973d45202a734c7
e116864cc4443f4179cd0938dd0ef49a4217e66ca3534d4d96bdd0d54f17ff0d
2107230497983a8313e0776ee14087ec2e7b9ebf63f39378f3d29846b7492f27
SH256 hash:
11c5bde13eec9aa190ec7258b8b43aa335994d7548e4242251b4d4ac9314a3c1
MD5 hash:
e5b0c37f44ed20187bcdeb908259de7e
SHA1 hash:
2fc3e262eb1a0a837215e5b1cabff211311b0487
Link:
https://www.unpac.me/results/cd474991-9190-420a-92bc-5bfaaac75e28/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Blueso
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments