MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 997d1ffb13955190f89d7d6c712af1d2b8988cffdda524963f0963b4eb761d5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Neshta


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 997d1ffb13955190f89d7d6c712af1d2b8988cffdda524963f0963b4eb761d5a
SHA3-384 hash: e266e88b72f1e4853be65d5522728f763201cfd14ec876d3220d6e495e9d15fe103b42f03a476926f9104f87f0baf9da
SHA1 hash: 06ec98964ce0e4d64cfcf68b579fa28be7207a15
MD5 hash: 905db5df8d7a31ccd2c15fd5b90d3cd2
humanhash: five-aspen-network-eight
File name:New Inquiry.exe
Download: download sample
Signature Neshta
Create hunting rule
File size:253'784 bytes
First seen:2021-11-10 13:58:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep 6144:BGi+X0/XBs0+0s8ibpLMUSMIpeyvcpPx7xhtTTF+0z:8On+0slMUSMnoSxXVTcq
Threatray 188 similar samples on MalwareBazaar
TLSH T1FD4412D637D289A7C5C04E322A332A36D3ABE353A3750F531F7C2E9915A1506C12FAE5
File icon (PE):PE icon
dhash icon 64f4d4d4ecf4d4d4 (82 x SnakeKeylogger, 34 x AgentTesla, 24 x Formbook)
Reporter adrian__luca
Tags:exe Neshta

Intelligence

File Origin
# of uploads :
1
# of downloads :
130
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/204734/
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
75%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/618bd028dec3347825a13d06/reports/08e9b0e3-10dc-440c-9c90-92a730e50c40/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Neshta
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2a3be669-829d-47f3-acd6-7f741de10536
Result
Threat name:
FormBook Neshta
Create hunting rule
Detection:
malicious
Classification:
spre.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/886800
Signature
Creates an undocumented autostart registry key
Drops executable to a common third party application directory
Drops PE files with a suspicious file extension
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected Neshta
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/997d1ffb13955190f89d7d6c712af1d2b8988cffdda524963f0963b4eb761d5a/
Threat name:
Win32.Backdoor.Zapchast
Create hunting rule
Status:
Malicious
First seen:
2021-11-10 13:59:05 UTC
AV detection:
17 of 45 (37.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tf6r76ytsvizb6e5pvwhckxr2k4jrdh73wssjfr7bfr3j23wdvna._file
Verdict:
malicious
Similar samples:
16cb5498c592fb2a32fa882aa0996591f067d77c50eedf69cda4d04ef93cab83
Neshta
21260151f07549ff5e1dc07ca6281d3fa876483f1dd014afde823fa0a0e0a1a2
Neshta
6449b0b19510e8c167d7bbc8a8471f81deadda1730c5889147589db21f30cd76
Neshta
a73f2d92c3d48bad18d6a33530cedee50fb1495030c752d406045c113eeabd0a
Neshta
afbae06f0ec7939e039a47b7579a98f269eca1be5625e7343267cf4bbb0d5709
Neshta
b0bd95ea0aa5de9849e555fc8a62f51e1406c6b4dc890ce9a63c9807184d9f0b
Neshta
b2ae47f62aa239fb6badfb8af83054c008e9c93d6fe1953732ec03029dc474ce
Neshta
e1b0ef4dd27c829683569165d98c902a8ed2f2eaa95b1540c6430f5ea3be0b3f
Neshta
+ 178 additional samples on MalwareBazaar
Result
Malware family:
neshta
Create hunting rule
Score:
  10/10
Tags:
family:neshta persistence spyware stealer
Link:
https://tria.ge/reports/211110-raecnshbc6/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Drops file in Program Files directory
Drops file in Windows directory
Loads dropped DLL
Reads user/profile data of web browsers
Detect Neshta Payload
Modifies system executable filetype association
Neshta
Unpacked files
SH256 hash:
997d1ffb13955190f89d7d6c712af1d2b8988cffdda524963f0963b4eb761d5a
MD5 hash:
905db5df8d7a31ccd2c15fd5b90d3cd2
SHA1 hash:
06ec98964ce0e4d64cfcf68b579fa28be7207a15
Link:
https://www.unpac.me/results/81829de0-a4af-4342-ac01-4b08d6a40fc2/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/997d1ffb1395/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/997d1ffb13955190f89d7d6c712af1d2b8988cffdda524963f0963b4eb761d5a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Neshta

Executable exe 997d1ffb13955190f89d7d6c712af1d2b8988cffdda524963f0963b4eb761d5a

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/204734/

Comments