MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 541a58b5295a0013cefc55bf1eaead5b22938f0b6c1fae361bd6a389120986b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Neshta

Vendor detections: 6



SHA256 hash: 541a58b5295a0013cefc55bf1eaead5b22938f0b6c1fae361bd6a389120986b1
SHA3-384 hash: 305ccf8239cbf456b17e4602ba8f3bbc6258adecc0ac0c8c8ae33d9af53be75c5a6bf92337633f66b9d938e4f189c572
SHA1 hash: bad69c1ec934a805dca1d177661ac443248ea551
MD5 hash: 4ce0e6ca2015b880bd2e482f72c78a68
humanhash: seventeen-north-thirteen-snake
File name: INV 75443.img
Signature: Neshta
File size: 1'310'720 bytes
First seen: 2023-10-12 08:19:08 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:/cQ2iN1Bdc8YY4HmfsF5aBgvBHf8Qx1u+nCB7U8T27mI5s15/tnKO2b5zBp:/cQ1nM8YYCqgvNnuEC727DwDyF
TLSH: T1ED5523443368EB57D2BE6FF801B115A15372B7290661D70C3E8C22CE0FB6B968755B93
TrID:
50.6% (.ISO/UDF) UDF disc image (2114500/1/6)
49.0% (.NULL) null bytes (2048000/1)
0.1% (.ATN) Photoshop Action (5007/6/1)
0.0% (.ISO) ISO 9660 CD image (2545/36/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter: cocaman
Tags: img Neshta payment
cocaman
Malicious email (T1566.001)
From: "Yulia Antoshina <antoshina_yu@vhn.ru>" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [185.222.58.82]) "
Date: "9 Oct 2023 20:38:22 +0200"
Subject: "Payment in process - project #1021 (30% deposit)"
Attachment: "INV 75443.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: NO
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: JAAESPET.EXE
File size: 749'568 bytes
SHA256 hash: 68244f7b16e355e88f752ab26bd7290c019fad11d862754e9b5789ca15c263f1
MD5 hash: 46aa3b4ff64a6ae174cbe469190ec1ae
MIME type: application/x-dosexec
Signature: Neshta
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: context-iso packed

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2023-10-09 16:54:00 UTC
File Type: Binary (Archive)
Extracted files: 26
AV detection: 15 of 36 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: NET
Author: malware-lu
Rule name: NETexecutableMicrosoft
Author: malware-lu
Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neshta

img 541a58b5295a0013cefc55bf1eaead5b22938f0b6c1fae361bd6a389120986b1

(this sample)

Delivery method
Distributed via e-mail attachment

Comments