MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6abec81da375b886b6e0fe09360f68980fcc3f51f00dbcdaf3a7945420e73b57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Neshta


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6abec81da375b886b6e0fe09360f68980fcc3f51f00dbcdaf3a7945420e73b57
SHA3-384 hash: c238ea5201a52784e36cd85aebf9c2a7004f08a450b3ce2e5cc55731ca8d1c1073388acb067fe197012824af33ace591
SHA1 hash: c7c70d46a08ee09f94e65cadbb86eeb706989db5
MD5 hash: 1be75ae8266bee2a29b8846a503fbd44
humanhash: utah-item-early-enemy
File name:1be75ae8266bee2a29b8846a503fbd44
Download: download sample
Signature Neshta
Create hunting rule
File size:240'226 bytes
First seen:2021-10-21 10:59:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep 6144:wBlL/cgt4I8Cz2UzR9fzwDAJn1fPlj/fM9R:Ceap8mzbnNljM9R
TLSH T1A234122672C150B3CC874A77A873F739E3FAC6110231B7DB17581FBB1E586CA496A642
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter zbetcheckin
Tags:32 exe Neshta

Intelligence

File Origin
# of uploads :
1
# of downloads :
210
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/199060/
Detection(s):
SecuriteInfo.com.Gen.Variant.Nemesis.1800.19179.5629.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a file
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/617148369a5a1e91c5cb2e90/reports/a2cbc659-8bc0-4d5a-b511-43321157527a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Neshta
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/90dc7211-8d3a-4bfb-ad1a-e9a36b57a4f9
Result
Threat name:
FormBook Neshta
Create hunting rule
Detection:
malicious
Classification:
spre.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/874505
Signature
Creates an undocumented autostart registry key
Drops executable to a common third party application directory
Drops PE files with a suspicious file extension
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected Neshta
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6abec81da375b886b6e0fe09360f68980fcc3f51f00dbcdaf3a7945420e73b57/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-10-21 08:01:03 UTC
AV detection:
23 of 45 (51.11%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
neshta
Create hunting rule
Score:
  10/10
Tags:
family:neshta persistence spyware stealer
Link:
https://tria.ge/reports/211021-m3zrvsbaej/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Program Files directory
Drops file in Windows directory
Loads dropped DLL
Reads user/profile data of web browsers
Modifies system executable filetype association
Neshta
Unpacked files
SH256 hash:
5f6da316b5b3af8ce1f809c52eb73bbbfbd64cc22e1ee62caa6650c9c771f2bb
MD5 hash:
357ecaf945039fbefbdb9a2fb53c0351
SHA1 hash:
6f4f563e545b07bf084c1888d95f1dbd66804623
Link:
https://www.unpac.me/results/b82df9b8-a5f2-44ce-8b3c-b732f2f7426c/
SH256 hash:
6abec81da375b886b6e0fe09360f68980fcc3f51f00dbcdaf3a7945420e73b57
MD5 hash:
1be75ae8266bee2a29b8846a503fbd44
SHA1 hash:
c7c70d46a08ee09f94e65cadbb86eeb706989db5
Link:
https://www.unpac.me/results/b82df9b8-a5f2-44ce-8b3c-b732f2f7426c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Neshta
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6abec81da375b886b6e0fe09360f68980fcc3f51f00dbcdaf3a7945420e73b57

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Neshta

Executable exe 6abec81da375b886b6e0fe09360f68980fcc3f51f00dbcdaf3a7945420e73b57

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/199060/
  
URLhaus
https://urlhaus.abuse.ch/url/1704664/

Comments


Avatar
zbet commented on 2021-10-21 10:59:49 UTC

url : hxxp://192.227.228.38/007007/vbc.exe