MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99e8e8f1ec69e184c986d1c35deb49f85df828936c933120edf58906c814ca53. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



ISRStealer


Vendor detections: 3



SHA256 hash: 99e8e8f1ec69e184c986d1c35deb49f85df828936c933120edf58906c814ca53
SHA3-384 hash: 0339464b8bcc0dbeaec76a1db72307bdec4498d0664c14c400bd6b65726606fdaa85940bf3a00e7048bf970a07cb307e
SHA1 hash: e2c89f2f1742f498bf20bac00ccec5ee3e02c3b5
MD5 hash: 2704335d963c38a8435d076853c15df6
humanhash: mexico-harry-virginia-spring
File name: New_Purchase_Order_from_SCG_(Thailand).exe
Signature: ISRStealer
File size: 471'040 bytes
First seen: 2020-04-30 07:35:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e82e8622604d45ecfcd0d99bbe03ddd0 (1 x ISRStealer)
ssdeep: 12288:oe3h29GODWoV8k8W1uYdDyfVJG4uRgdl5WO/0rrSxCv74w7SQqa5DqrM/exSexe+:rh2BCS87FSv2SG
Threatray: 354 similar samples on MalwareBazaar
TLSH: 70A4CF878667C895CA2D35F65B5E40B0DF9F9824488EEA635FEB839C7B94D23078C053
Reporter: jarumlus
Tags: ISRStealer

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2019-05-13 06:37:51 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

| ID | Title | Severity |
|---|---|---|
| CHECK_AUTHENTICODE | Missing Authenticode | high |
| CHECK_NX | Missing Non-Executable Memory Protection | critical |
| CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high |

Reviews

| ID | Capabilities | Evidence |
|---|---|---|
| VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::EVENT_SINK_AddRef |
