MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d5f2db3ab23b9d7e49c141add2e501a13c886ad422d1cf46f2c955cb0a3f400. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Neshta


Vendor detections: 7



SHA256 hash: 7d5f2db3ab23b9d7e49c141add2e501a13c886ad422d1cf46f2c955cb0a3f400
SHA3-384 hash: af3c8c969220e486c1ed733640bb27a560f59ed75d576141dc175db128fd81ed70512c2aef78e7f7d88c65b27d4939a1
SHA1 hash: 482311e7da4b4d6549312467aa02da5116acce6b
MD5 hash: e907bdefdf9098a9f1b473a3e2e55633
humanhash: harry-south-lemon-july
File name: Soa.img
Signature Neshta
File size: 1'310'720 bytes
First seen: 2023-08-16 13:05:32 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 12288:554lrrOdf21dnWRvCsQ2/aSqAo3WMov9c0gHiQbW8KqIZgrhVsAty857q4f8:554lX++D4LiSqdE+HiQyoIULsA95m4
TLSH T137552360676C53B3C5FD9FB994A062048B7294723250E36979CD7AEA1FA23070B09F5F
TrID 50.6% (.ISO/UDF) UDF disc image (2114500/1/6)
49.0% (.NULL) null bytes (2048000/1)
0.1% (.ATN) Photoshop Action (5007/6/1)
0.0% (.ISO) ISO 9660 CD image (2545/36/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter cocaman
Tags: img Neshta


cocaman
Malicious email (T1566.001)
From: "accountsmalbros@oasisgrp.in" (likely spoofed)
Received: "from oasisgrp.in (unknown [94.156.102.47]) "
Date: "14 Aug 2023 03:40:21 +0200"
Subject: "RE:SOA"
Attachment: "Soa.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: DIEWWZND.EXE
File size: 709'632 bytes
SHA256 hash: a867eb46763ccee8962f882a1cb2cdca5bb654881c4e2c4a20bd88713ba8818a
MD5 hash: 01d879739c82462d9b8ca2e55fd373a0
MIME type: application/x-dosexec
Signature Neshta
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 78%
Tags: context-iso packed
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.Malgent
Status: Malicious
First seen: 2023-08-14 02:21:19 UTC
File Type: Binary (Archive)
Extracted files: 11
AV detection: 18 of 38 (47.37%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: NET
Author: malware-lu
Rule name: pe_imphash
Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neshta

img 7d5f2db3ab23b9d7e49c141add2e501a13c886ad422d1cf46f2c955cb0a3f400

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: Neshta

Comments