MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f6ab8e020a5d8bec45b8b0968c38a145c78d4165a115f41f6c295c2bd5845a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Neshta


Vendor detections: 3



SHA256 hash: 2f6ab8e020a5d8bec45b8b0968c38a145c78d4165a115f41f6c295c2bd5845a8
SHA3-384 hash: 4edd8f8135fda2bf1a081f2e0aea890ef4547003bd9a9d0fdacdff8b9d1e36dcf2c7d5ceada40dca7effe993235f710d
SHA1 hash: 5f5fd8b9b203807b849ea8c98be8b5e95dc82d07
MD5 hash: 244a277501a7acf0752714c66526f8ca
humanhash: zebra-cola-princess-johnny
File name: PO#7A68D20.zip
Signature: Neshta
File size: 670'831 bytes
First seen: 2020-07-09 04:21:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:HVMi7E8rBkrTHh1Z/WeeG7bbaLRJuHoMoypYw0fjh0XJb+hrWExFdIou5+D8T74Q:1M6FrqHh1Z5eUbOLRUIKew0fjhm+dR1g
TLSH: F4E433FD9939F59EA1306618E73CA21803766CBA1988338FADD81008D94CDF7D5DE927
Reporter: cocaman
Tags: Neshta, zip


cocaman
Malicious email
From: chusui <chusui@tzdegree.com>
Received: from tzdegree.com (unknown [103.140.250.133])
Date: 08 Jul 2020 21:15:09 -0700
Subject: NEW PO FROM ALANTECH MACHINERY CO.,LTD QTTY (PO#7A68D20),
Attachment: PO#7A68D20.zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-09 04:11:05 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neshta

zip 2f6ab8e020a5d8bec45b8b0968c38a145c78d4165a115f41f6c295c2bd5845a8 (this sample)

Delivery method: Distributed via e-mail attachment
