MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52055c63e2a063c0d4489918ff3bc7e63c9ff94bb56ad95003d8594d01bb81d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 52055c63e2a063c0d4489918ff3bc7e63c9ff94bb56ad95003d8594d01bb81d2
SHA3-384 hash: 7a0a2173258371b51df83d2a5663a60503983cdcc8190eeab48e6d20d12108e1d82b2ef4e10facf44b333c87a236f1d6
SHA1 hash: 97fade6d4f0bf394f9dee5efcd1f62608d35323f
MD5 hash: 60e87ae5277633e568595b5c1f39c58e
humanhash: michigan-wisconsin-five-chicken
File name: Bitcoin 25% interest.exe
File size: 412'160 bytes
First seen: 2020-06-22 13:33:36 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9f4693fc0c511135129493f2161d1e86 (250 x Neshta, 15 x Formbook, 14 x AgentTesla)
ssdeep: 6144:k9BmVl8VU+eH8nkvu1FxLTUrSgBttoTC6bDhRUAFwrpIuG0Hy:mHkvu1FRTSDxoOqhRHFwrpIX0Hy
Threatray: 19 similar samples on MalwareBazaar
TLSH: 9F94F198E2A99AFBCC2878F87C11F1C334FE62D499E9C37687EDC82A76DC51965440D0
Reporter: James_inthe_box
Tags: exe
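Before spending analysis time on a downloaded copy, confirm it really is the file this entry describes. The script below is an added example, not MalwareBazaar's own code: it recomputes every digest the entry lists (SHA256, SHA3-384, SHA1, MD5) together with the file size and reports each one separately, so a partial match (say, only MD5 agreeing) is visible instead of being mistaken for confirmation. The expected values are copied from the entry above; the command-line wrapper and the `MZ` header sanity check are assumptions for illustration. Extract the archive only inside an isolated analysis environment.

```python
"""Verify that a file on disk is the sample this MalwareBazaar entry lists.

Added example, not MalwareBazaar code. Recomputes every digest from the
entry and compares each one, so a single-algorithm match stands out.
"""
import hashlib
from typing import Dict

# Values copied from the entry above.
EXPECTED: Dict[str, object] = {
    "size": 412160,
    "sha256": "52055c63e2a063c0d4489918ff3bc7e63c9ff94bb56ad95003d8594d01bb81d2",
    "sha3_384": "7a0a2173258371b51df83d2a5663a60503983cdcc8190eeab48e6d20d12108e1d82b2ef4e10facf44b333c87a236f1d6",
    "sha1": "97fade6d4f0bf394f9dee5efcd1f62608d35323f",
    "md5": "60e87ae5277633e568595b5c1f39c58e",
}


def digests(data: bytes) -> Dict[str, object]:
    """Compute the same set of fields the entry publishes for a byte buffer."""
    return {
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify(data: bytes, expected: Dict[str, object] = EXPECTED) -> Dict[str, bool]:
    """Return a per-field match map; only all-True means this is the listed sample."""
    got = digests(data)
    return {field: got[field] == expected[field] for field in expected}


def is_pe(data: bytes) -> bool:
    """Cheap sanity check: DOS/PE images start with the 'MZ' magic (assumed check)."""
    return data[:2] == b"MZ"


if __name__ == "__main__":
    import sys

    with open(sys.argv[1], "rb") as fh:
        blob = fh.read()
    result = verify(blob)
    print("MZ header:", is_pe(blob))
    for field, ok in result.items():
        print(f"{field:9s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it as `python verify_sample.py <extracted file>`; a non-zero exit means at least one field disagrees with the entry, which is the cue to check whether you pulled the wrong artifact or a re-packed variant rather than the listed sample.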

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name:
Detection: malicious
Classification: spre.evad
Score: 100 / 100
Behaviour
Behavior Graph (ID 241115, sample 52055c63e2a063c0d4489918ff3..., start date 24/06/2020, architecture WINDOWS, score 100):
- Top-level signatures: Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 4 other signatures
- Process 52055c63e2a063c0d4489918ff3bc7e63c9ff94bb56ad95003d8594d01bb81d2.exe (started from the sample)
  - Dropped files: C:\Windows\svchost.com (PE32); 52055c63e2a063c0d4...3d8594d01bb81d2.exe (PE32); C:\ProgramData\Adobe\Setup\...\setup.exe (PE32); 125 other files (35 malicious)
  - Signatures: Creates an undocumented autostart registry key; Drops PE files with a suspicious file extension; Drops executable to a common third party application directory
  - Starts: a second instance of 52055c63e2a063c0d4489918ff3bc7e63c9ff94bb56ad95003d8594d01bb81d2.exe
- Process 52055c63e2a063c0d4489918ff3bc7e63c9ff94bb56ad95003d8594d01bb81d2.exe (second instance)
  - Dropped files: C:\Users\user\AppData\...\AcroRd32.exe (PE32); 52055c63e2a063c0d4...94d01bb81d2.exe.log (ASCII); C:\Users\user\AppData\Local\...\Chrome32.exe (PE32)
  - Signatures: Drops executables to the windows directory (C:\Windows) and starts them; Drops executable to a common third party application directory
  - Starts: svchost.com
- Process svchost.com (started by the second instance; two further svchost.com instances are started directly at the top level)
  - Dropped files: C:\Program Files (x86)\...\updater.exe (PE32); C:\Program Files (x86)\...\helper.exe (PE32); C:\Program Files (x86)\...\pingsender.exe (PE32); 34 other files (4 malicious)
  - Signatures: Drops executable to a common third party application directory
Threat name: Win32.Virus.Neshta
Status: Malicious
First seen: 2020-06-21 01:09:27 UTC
File Type: PE (Exe)
Extracted files: 2
AV detection: 28 of 29 (96.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence spyware
Behaviour
- Modifies registry class
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Drops file in Program Files directory
- Drops file in Windows directory
- Adds Run entry to start application
- Loads dropped DLL
- Reads user/profile data of web browsers
- Executes dropped EXE
- Modifies system executable filetype association
Please note that we are no longer able to provide a coverage score for Virus Total.
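The sandbox findings above (a `.com` PE dropped into C:\Windows and then started, executables dropped under Program Files, and the system executable filetype association being modified) are all observable from host telemetry. The script below is an added example, not code from MalwareBazaar or either sandbox vendor: it runs those checks over a handful of constructed Sysmon-style events (ProcessCreate, FileCreate and RegistryValueSet rendered as `key=value` lines, a layout assumed for this example) and flags only the behaviours named in the entry. The only hard-coded expectation is the stock `exefile` handler `"%1" %*`, which is what a clean Windows install uses; any other value for that key means every `.exe` launch is being routed through something else. The process and file paths in the sample events are constructed, not taken from the sandbox report.

```python
"""Flag the Neshta-style behaviours listed in the entry in Sysmon-like events.

Added example, not MalwareBazaar or sandbox code. Events are constructed
'key=value' lines modelled loosely on Sysmon EventID 1 (ProcessCreate),
11 (FileCreate) and 13 (RegistryValueSet); the field layout is assumed.
"""
import re
from typing import Dict, List

# Stock handler for the 'exefile' class on a clean Windows host.
CLEAN_EXEFILE_COMMAND = '"%1" %*'

# Constructed events for illustration (not a real capture).
SAMPLE_EVENTS: List[str] = [
    r'EventID=1 Image=C:\Users\user\Desktop\Bitcoin 25% interest.exe ParentImage=C:\Windows\explorer.exe',
    r'EventID=11 Image=C:\Users\user\Desktop\Bitcoin 25% interest.exe TargetFilename=C:\Windows\svchost.com',
    r'EventID=13 Image=C:\Users\user\Desktop\Bitcoin 25% interest.exe TargetObject=HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default) Details="C:\Windows\svchost.com" "%1" %*',
    r'EventID=1 Image=C:\Windows\svchost.com ParentImage=C:\Users\user\Desktop\Bitcoin 25% interest.exe',
    r'EventID=11 Image=C:\Windows\svchost.com TargetFilename=C:\Program Files (x86)\ExampleApp\updater.exe',
    r'EventID=11 Image=C:\Windows\System32\svchost.exe TargetFilename=C:\Windows\Temp\log.txt',
]

_FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split 'k=v k=v' into a dict; values may contain spaces, so split on the next 'k=' token."""
    return {m.group(1): m.group(2).strip() for m in _FIELD.finditer(line)}


def triage(lines: List[str]) -> List[str]:
    """Return one finding per matching event, in event order.

    Tracks files created earlier in the stream so that a later ProcessCreate
    of the same path is reported as 'executes dropped file' (the entry's
    'Drops executables to the windows directory and starts them').
    """
    findings: List[str] = []
    dropped: set = set()
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "11":
            target = ev["TargetFilename"]
            low = target.lower()
            dropped.add(low)
            # FileCreate only says a file appeared; it does not prove the bytes are a PE.
            if low.startswith("c:\\windows\\") and low.endswith(".com"):
                findings.append(f"windows_dir_com_drop: {target}")
            elif low.startswith("c:\\program files"):
                findings.append(f"program_files_drop: {target}")
        elif eid == "13":
            obj = ev["TargetObject"].lower()
            if "\\exefile\\shell\\open\\command" in obj and ev.get("Details", "") != CLEAN_EXEFILE_COMMAND:
                findings.append(f"exefile_association_changed: {ev.get('Details', '')}")
        elif eid == "1":
            image = ev["Image"]
            if image.lower() in dropped:
                findings.append(f"executes_dropped_file: {image}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The exefile rule is the one worth keeping on a real host: a handler other than `"%1" %*` survives reboots and reinstalls of the dropped binary, so check it (and restore it) before cleaning up the files the entry lists.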

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments