MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a4e39bf9b1861a4c8dcb463c71e15b778db66660b7075400c99d844bf270cd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ISRStealer

Vendor detections: 3



SHA256 hash: 4a4e39bf9b1861a4c8dcb463c71e15b778db66660b7075400c99d844bf270cd3
SHA3-384 hash: fb68d9d1a0fa634c34bf9e669558b5139f73d183bd821b69a34fae1aa5e5feed5eda624728f3200a8328bb7c2d652e49
SHA1 hash: 394eb4f8acc6d93118bb00c224d2d1c9eefd83b3
MD5 hash: 04faed3d1be3861381d3069007e926c9
humanhash: shade-red-victor-foxtrot
File name: SCAN001-PO-2 x 5kg HfO2.rar
Signature: ISRStealer
File size: 552'131 bytes
First seen: 2020-06-03 14:25:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:VqbhAGN20ncp4GHVI0evgGuq/z7+VWx8kVl9fsnpS6VbC:V1S20ncp5HVI0e3uq/mVHI3jQC
TLSH: 4DC423A84D58737875D15B0C87AA1948B7DF40728CAE71F138BACCBFCF89548AB1646C
Reporter: abuse_ch
Tags: ISRStealer rar


abuse_ch
Malspam distributing ISRStealer:

HELO: alliedsoyatech.com
Sending IP: 95.211.208.25
From: Bonyan Alfadil <sales@alliedsoyatech.com>
Subject: PO for 2 x 5kg HfO2
Attachment: SCAN001-PO-2 x 5kg HfO2.rar (contains "SCAN001-PO-2 x 5kg HfO2.exe")

ISRStealer C2:
http://amayapalmgarden.lk/wp-admin/cgi/PHP/index

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 14:29:57 UTC
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: ISRStealer
rar 4a4e39bf9b1861a4c8dcb463c71e15b778db66660b7075400c99d844bf270cd3 (this sample)
Dropping: ISRStealer
Delivery method: Distributed via e-mail attachment

Comments