MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 8ad94dc5d59aa1e9962c76fd5ca042e582566049a97aef9f5730ba779e5ebb91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
ISRStealer
Vendor detections: 7
| SHA256 hash: | 8ad94dc5d59aa1e9962c76fd5ca042e582566049a97aef9f5730ba779e5ebb91 |
|---|---|
| SHA3-384 hash: | a511d93f9566b6d1cbee25666e91fe7464bd59df2baa086395c325fa613b53ad1cdc971ef4a89d8c3b38f332ba4c0408 |
| SHA1 hash: | 9777cd09c24d109b076f2ca75f62bd39d2117454 |
| MD5 hash: | ae69afd6230a8d5e272b919662e5489c |
| humanhash: | tennis-jig-hot-equal |
| File name: | SAUDI ARAMCO MASSIVE DUALIZATION AND EXPANSION OF SAUDI ARABIA GOVERNMENT OWNED OIL AND GAS COMPANIES.exe |
| Download: | download sample |
| Signature | ISRStealer |
| File size: | 1'121'112 bytes |
| First seen: | 2020-11-20 12:32:36 UTC |
| Last seen: | 2020-11-20 15:05:42 UTC |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | f34d5f2d4577ed6d9ceec516c1f5a744 (48'658 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger) |
| ssdeep | 12288:1G+GKTqlGmnNetywnE9MOHbjMaDks8L3gr6XQw:1GbmMiywnE9n/M0kf/ |
| Threatray | 495 similar samples on MalwareBazaar |
| TLSH | 2F35CF2E7B4CCE13D41D02B5C0DB9C501B74AE629613D64A3CE97BAC1A7A7D62D0E0DB |
| Reporter |  JAMESWT_WT |
| Tags: | ISRStealer |
Intelligence
File Origin
# of uploads :
2
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Sending a UDP request
Unauthorized injection to a recently created process by context flags manipulation
Result
Gathering data
Result
Threat name:
ISRStealer MailPassView
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Passes username and password via HTTP get
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Yara detected ISRStealer
Yara detected MailPassView
Behaviour
Behavior Graph:
Threat name:
Win32.Infostealer.Limitail
Status:
Malicious
First seen:
2017-10-02 06:15:50 UTC
File Type:
PE (.Net Exe)
Extracted files:
3
AV detection:
34 of 48 (70.83%)
Threat level:
5/5
Verdict:
malicious
Similar samples:
+ 485 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
8/10
Tags:
spyware upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Suspicious use of SetThreadContext
Drops desktop.ini file(s)
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
8ad94dc5d59aa1e9962c76fd5ca042e582566049a97aef9f5730ba779e5ebb91
MD5 hash:
ae69afd6230a8d5e272b919662e5489c
SHA1 hash:
9777cd09c24d109b076f2ca75f62bd39d2117454
SH256 hash:
180e25a64a18047254cde2b762b680fead38682f5e86f5ccaef91b069fd3c43e
MD5 hash:
e56d51ee077b8fd4a58a1ceb993310e8
SHA1 hash:
d3b0761513859b9deda5c5edfc02b8e80727f0d5
SH256 hash:
a27a30cd8de8bb89a3e2c6597fa9ef018fd92d82763fe7644c76cce4a2710834
MD5 hash:
8b29b33a72116f635ea87fc2749a4816
SHA1 hash:
68413cb19ee2397824d2a731a42d95fbe39cd75b
Detections:
win_isr_stealer_a0
win_isr_stealer_auto
SH256 hash:
715472bbb65283ee8269de8b2d5f3c3284e52b5bd8022d59b87111db51be4d61
MD5 hash:
e78ad5a835a4423ddb8a1944204f21f5
SHA1 hash:
9f20909a5c25f4358e82180f3345ad974e983097
SH256 hash:
34e4a870213f0a360565cc7f22aa88f39068ff2ff1e5089e4ff571166eda90c9
MD5 hash:
0208c859f6da9e03bc54df7f006aa7e6
SHA1 hash:
3e98ce9290a931ab5fa015a92e5447152cf62920
SH256 hash:
68d2b3836067785a5cd49d5865600be455910d785d5804bd95712ad45ca570bd
MD5 hash:
5c2e3e961e093aee9a10910a9319a779
SHA1 hash:
7fd994ac92f1b9ef5179446539087bed0c266380
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Limitail
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
No further information available
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.