MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3db7b2974cb01c3cc9c32645c7ba55a6bfb202f20cf7518fce62559cf5652586. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ISRStealer


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3db7b2974cb01c3cc9c32645c7ba55a6bfb202f20cf7518fce62559cf5652586
SHA3-384 hash: a44be22f1d3bffde3f1b0d687fd2b05e487db31aec4aefa02017ef6bf3e2fc13439f5643f4df2ce8eb7a76b1a0697f8e
SHA1 hash: be6c6761a37fe079fd203f5b131c029164de5b69
MD5 hash: 218117f81f698d56e25733fd02d2e5ce
humanhash: kitten-uniform-table-green
File name:IMPORT-BOOKING DETAILS.xls.bit.zip
Download: download sample
Signature ISRStealer
Create hunting rule
File size:589'492 bytes
First seen:2020-11-16 13:10:52 UTC
Last seen:2020-11-16 13:13:40 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:Q5xv0KwVbIJfsGa47FWJG7vgXOSkAv7OyDL4y11jUC2M3vnLW7t:YZ/wVIVxa4557o+SkAvDDV1jUz3t
TLSH CCC433CD7C727AE4235DEFCA4C816A2DBD335B773D56B049628C8461CF0A401FDA89A9
Reporter cocaman
Tags:zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Hussain Khokhar <hussain.al@qasimlogistics.com>" (likely spoofed)
Received: "from qasimlogistics.com (unknown [103.53.41.195]) "
Date: "16 Nov 2020 17:17:42 +0530"
Subject: "FW: CUSTOMER ADVISORY - BOOKING/ IMPORT CONGESTION SURCHARGE FROM 19TH NOVEMBER 2020"
Attachment: "IMPORT-BOOKING DETAILS.xls.bit.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-9792233-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3db7b2974cb01c3cc9c32645c7ba55a6bfb202f20cf7518fce62559cf5652586/
Threat name:
Win32.Spyware.OutBreak
Create hunting rule
Status:
Suspicious
First seen:
2020-11-16 11:39:20 UTC
File Type:
Binary (Archive)
Extracted files:
48
AV detection:
25 of 29 (86.21%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hw33ff2mwaodzsodezc4posvu273eaxsbt3vdd6omjkzz5lfewda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ISRStealer

zip 3db7b2974cb01c3cc9c32645c7ba55a6bfb202f20cf7518fce62559cf5652586

(this sample)

ISRStealer

Executable exe 09abaa1b12ae6d7ed845027756e8852a39ac0a75fecf53f76c08ce48bdf58b91

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 09abaa1b12ae6d7ed845027756e8852a39ac0a75fecf53f76c08ce48bdf58b91

Comments