MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a742c060fde260f8c469d5dea7354bc08eeb6b7811305fd833268d2012dd9540. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ISRStealer


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a742c060fde260f8c469d5dea7354bc08eeb6b7811305fd833268d2012dd9540
SHA3-384 hash: 01000040be2a7d6224e6f59d759c7ba20097b95eca12cd42c994f90a1537625ba3ebe1d55996ffc09e93dbce5a218c1f
SHA1 hash: 036be253aa400e01a3742d963e1bf86601f65e39
MD5 hash: 038636b2c1067b5c7a0901f3a3526467
humanhash: seven-salami-spaghetti-ohio
File name:164cfe6eada25d9bceb6af0d2863765d
Download: download sample
Signature ISRStealer
Create hunting rule
File size:1'236'954 bytes
First seen:2020-11-17 11:25:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3eaa732d4dae53340f9646bdd85dac41 (11 x NetSupport, 6 x RedLineStealer, 4 x ISRStealer)
ssdeep 24576:EpZ/8p85tzMbWNlGfZ63RFov4cKs8ipYwQ5DsQgektWydh:e8p85lMbTZ6hF84RapYwQeukF
Threatray 616 similar samples on MalwareBazaar
TLSH 1045CF042B58C572C20CCD3FCDB992F1AD613C50D74DC557A7BA3E3634339AAAA31AA5
Reporter seifreed
Tags:ISRStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Deleting a recently created file
Launching a process
Reading critical registry keys
Creating a file in the %temp% directory
DNS request
Sending an HTTP GET request
Sending a custom TCP request
BSOD occurred
Searching for the window
Setting a single autorun event
Stealing user critical data
Enabling autorun by creating a file
Unauthorized injection to a system process
Result
Verdict:
0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a742c060fde260f8c469d5dea7354bc08eeb6b7811305fd833268d2012dd9540/
Threat name:
Win32.Trojan.Blueso
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 11:26:13 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u5bmayh54jqprrdj2xpkonklychow23yceyf7wbte2gsaew5svaa._file
Verdict:
malicious
Similar samples:
2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9
ISRStealer
38701fe4b63d1436ba2e26cc7e268327299b58bcccbf074bfb2cbbcf57ceb2ea
ISRStealer
4c4881464fd7d95cfe2d60dfd7beff8dd9c3426c15c945500db1e8714374556c
ISRStealer
4cc5f468994fd62cc832482404cfc7e45232f059b9d355d3df41535a170b3470
ISRStealer
5df16511cfa1a09aa8ee25f478d1211c8ba4612520488f8ec07826d30927df05
ISRStealer
6066b9b33c7336497e3fe0b7b0eb04c8fa8d27accdaad763658cd29865b2236e
ISRStealer
ae9576df43dd4f5e8d48c6774e7bbbd1a6baaad219c4022dd49af9fdaec57d61
ISRStealer
b78996718e94fe9cf9cc228f474b774fd7bd54133762d183ba2e6c141b3a218a
ISRStealer
d265fcb40a443162e0da3274ca4a0c81418c12756b929b29f34688abddae01b5
ISRStealer
f163f4788da0d445dec687df7d215b6af3c4bea10589fa268e6aff20ff335510
ISRStealer
+ 606 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion persistence spyware trojan upx
Link:
https://tria.ge/reports/201117-zgqkjy6sb2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies registry class
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Checks whether UAC is enabled
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
a742c060fde260f8c469d5dea7354bc08eeb6b7811305fd833268d2012dd9540
MD5 hash:
038636b2c1067b5c7a0901f3a3526467
SHA1 hash:
036be253aa400e01a3742d963e1bf86601f65e39
Link:
https://www.unpac.me/results/265915da-6a66-4aad-9818-72f93b6730e9/
SH256 hash:
8a22987d4558365f70f38039b1591c44e73d53a249bfb340277e19635f95785a
MD5 hash:
3021ec1412e5b0d114df6be08b0a49c6
SHA1 hash:
858270554b640e0bb9dcc0b3e1abcce5472d8c2d
Link:
https://www.unpac.me/results/265915da-6a66-4aad-9818-72f93b6730e9/
SH256 hash:
fa27b2b0b7b963db61725856aec82329f11af8a61ce25f94c2390440e1047755
MD5 hash:
61831b60155363591d2e71785e2a2e11
SHA1 hash:
cb3d2e29a8330e4926458acf65e2212efd027f9c
Detections:
win_isr_stealer_a0
Create hunting rule
win_isr_stealer_auto
Create hunting rule
Link:
https://www.unpac.me/results/265915da-6a66-4aad-9818-72f93b6730e9/
Parent samples :
2fa257b3457501af1b8f73df993a0426cf7f48ae3c092fb8543faf4e5e99dce9
a742c060fde260f8c469d5dea7354bc08eeb6b7811305fd833268d2012dd9540
SH256 hash:
715472bbb65283ee8269de8b2d5f3c3284e52b5bd8022d59b87111db51be4d61
MD5 hash:
e78ad5a835a4423ddb8a1944204f21f5
SHA1 hash:
9f20909a5c25f4358e82180f3345ad974e983097
Link:
https://www.unpac.me/results/265915da-6a66-4aad-9818-72f93b6730e9/
SH256 hash:
34e4a870213f0a360565cc7f22aa88f39068ff2ff1e5089e4ff571166eda90c9
MD5 hash:
0208c859f6da9e03bc54df7f006aa7e6
SHA1 hash:
3e98ce9290a931ab5fa015a92e5447152cf62920
Link:
https://www.unpac.me/results/265915da-6a66-4aad-9818-72f93b6730e9/
SH256 hash:
68d2b3836067785a5cd49d5865600be455910d785d5804bd95712ad45ca570bd
MD5 hash:
5c2e3e961e093aee9a10910a9319a779
SHA1 hash:
7fd994ac92f1b9ef5179446539087bed0c266380
Link:
https://www.unpac.me/results/265915da-6a66-4aad-9818-72f93b6730e9/
Parent samples :
78dda119ddc3b77095009f357809e3451bb897e51053601b1088ae5c61949097
4f619c7b4f54dd6ed7833880c8600334c42084a20c73d9b76973d45202a734c7
e116864cc4443f4179cd0938dd0ef49a4217e66ca3534d4d96bdd0d54f17ff0d
2107230497983a8313e0776ee14087ec2e7b9ebf63f39378f3d29846b7492f27
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments