MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a77f609628b6d221c0b6b29879394867eada874cbcf0f334197ea1a98390d062. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Neshta

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	a77f609628b6d221c0b6b29879394867eada874cbcf0f334197ea1a98390d062
SHA3-384 hash:	bdceda5d228de171613a9c102f7945351936f66d9dd4c9b0e1af04c72cf0cdc2e0ca6298e8d6b29db868f9d454f9bcc8
SHA1 hash:	30e8e7278bb52698015c1d844a75a554250278f9
MD5 hash:	683cf86c1ee9c503928e97115a8b4083
humanhash:	fifteen-diet-kentucky-solar
File name:	683cf86c1ee9c503928e97115a8b4083.exe
Download:	download sample
Signature	Neshta Create hunting rule
File size:	399'384 bytes
First seen:	2021-08-10 13:53:39 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f6b61b8e7cfb6c1ac49476384f4084e5 (8 x Loki, 4 x Formbook, 1 x SnakeKeylogger)
ssdeep	12288:JIOiPqBwBnyOK7vEWEnlAOR85EKgKjj6Bd3M1w/ZrA:JIOiSu5DyMWEl7RWYKjjcFVhA
Threatray	207 similar samples on MalwareBazaar
TLSH	T1AC8401DDCA03090BD065CDFD8197A21CA82454E5D76AAED702E5FA2E077C6C0FD362D6
Reporter	abuse_ch
Tags:	exe Neshta

Intelligence

File Origin

# of uploads :

1

# of downloads :

139

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

683cf86c1ee9c503928e97115a8b4083.exe

Verdict:

Suspicious activity

Analysis date:

2021-08-10 13:58:04 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f0932c56-38ab-4681-a4f1-06e6349385ee

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/177971/

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Neshta

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9d1d4d59-9785-4074-9afb-b4d19779bcaa

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/830290

Signature

Machine Learning detection for sample

Maps a DLL or memory area into another process

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a77f609628b6d221c0b6b29879394867eada874cbcf0f334197ea1a98390d062/

Threat name:

Win32.Trojan.Sabsik

Status:

Malicious

First seen:

2021-08-10 08:36:38 UTC

AV detection:

27 of 46 (58.70%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=u57wbfriw3jcdqfwwkmhsokim7vnvb2mxtypgnazp2q2ta4q2bra._file

Verdict:

malicious

Similar samples:

4ba041292881b73bc2cf7842f17b64eeca555b209577f5ea842fbeaa30f05ea0

6116018c9a9550c912fdd717f2f3e811339feb4149012f3a15d40a80a492ab8e

a0baff0515a6ff0a42b19248dd7823063a25118963fc396c25f5e5cd6af3d59e

a2c6a9d6809c3cf2ea1108aae86677aaba31ef7e2f10017331716bedd2a8f91c

a73f2d92c3d48bad18d6a33530cedee50fb1495030c752d406045c113eeabd0a

b2ae47f62aa239fb6badfb8af83054c008e9c93d6fe1953732ec03029dc474ce

c5e477805f7686cbcef90f9ecaed8aa9a438bd1bac0842d3b11b6fe8bce76356

+ 197 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/210810-e393entwaa/

Behaviour

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Unpacked files

SH256 hash:

08f9c4abe668f6d34713917cd511f570eda573f7620cadf6eb8444d44667db88

MD5 hash:

89c83433c312d449d1172c1d0bebdbd4

SHA1 hash:

5382be91d15488b89a5fade18ab0766eebdb155e

Link:

https://www.unpac.me/results/c6e54a94-f755-4fdc-9626-2ef6f8bb7c10/

SH256 hash:

a77f609628b6d221c0b6b29879394867eada874cbcf0f334197ea1a98390d062

MD5 hash:

683cf86c1ee9c503928e97115a8b4083

SHA1 hash:

30e8e7278bb52698015c1d844a75a554250278f9

Link:

https://www.unpac.me/results/c6e54a94-f755-4fdc-9626-2ef6f8bb7c10/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.13

Link:

https://yomi.yoroi.company/submissions/a77f609628b6d221c0b6b29879394867eada874cbcf0f334197ea1a98390d062

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe a77f609628b6d221c0b6b29879394867eada874cbcf0f334197ea1a98390d062

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/1490120/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/177971/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample