MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b74450716258153e3350edfafd11d5ae7f7d37a2484ec42517dc54e5010ddd48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ISRStealer


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b74450716258153e3350edfafd11d5ae7f7d37a2484ec42517dc54e5010ddd48
SHA3-384 hash: 4e19e3f36f010d874f3de4506ecb349682f0f303d94013000b709c814a9b4c43f24808247d1a4a8eb9cb82ea008d5285
SHA1 hash: d9dc9b1b3ef1870a738802acbb47a43d1d987482
MD5 hash: 9014971e30b1abcec344f7603606c676
humanhash: seventeen-twenty-kentucky-twenty
File name:BANK DETAILS_PDF.gz
Download: download sample
Signature ISRStealer
Create hunting rule
File size:544'279 bytes
First seen:2020-11-07 11:28:16 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:piuna1eDIztlqp8cCpZ9Ow7jWGoFI4Zsj/MJ9jFvcXNjT9XEFlY/kG8WC9RdW6NV:MunLEzip8cC4wOGx4WgTRvc998oZIHdT
TLSH 71C4234E66EE29E65B78E7FCAC412F0D44B7B65E19F356CB7B32812A21390C7942D013
Reporter abuse_ch
Tags:gz ISRStealer


Avatar
abuse_ch
Malspam distributing ISRStealer:

HELO: prmail.shatel.com
Sending IP: 85.15.1.253
From: Accounts <a_nadakzadeh@ahvaz.shatel.ir>
Subject: Due Payment
Attachment: BANK DETAILS_PDF.gz (contains "BANK DETAILS_PDF.exe")

ISRStealer C2:
http://shanpak.com/wp-admin/PHP/index.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b74450716258153e3350edfafd11d5ae7f7d37a2484ec42517dc54e5010ddd48/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 09:16:29 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w5cfa4lclakt4m2q5x5p2eovvz7x2n5cjbhmijix3rkokain3vea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ISRStealer

gz b74450716258153e3350edfafd11d5ae7f7d37a2484ec42517dc54e5010ddd48

(this sample)

ISRStealer

Executable exe e81b7365448d43584265f438b0291abdc8985c12f8b27246e8424ef941995f10

  
Dropping
MD5 2c0cb2b1bad99f3d8859cfddc00c5d35
  
Dropping
ISRStealer
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e81b7365448d43584265f438b0291abdc8985c12f8b27246e8424ef941995f10

Comments