MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd0eb6fff38b72907c56ad02467144b61744a7d24a054ce14eddf779854180ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Neshta


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd0eb6fff38b72907c56ad02467144b61744a7d24a054ce14eddf779854180ca
SHA3-384 hash: 1c9ea56641dc626490213fb0b5cb4acab6535efe051c1c35d4f6714e2275f02587c094c8839dbadb78cb364f3ae0fde3
SHA1 hash: 4fdf77348d0d33804254ab3e0761fe2a4ef5f82d
MD5 hash: a503bf5f5a7aefd063ad1ce5c0c244ed
humanhash: hydrogen-equal-shade-moon
File name:a503bf5f5a7aefd063ad1ce5c0c244ed.exe
Download: download sample
Signature Neshta
Create hunting rule
File size:279'223 bytes
First seen:2021-09-24 08:48:00 UTC
Last seen:2021-09-24 09:54:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b76363e9cb88bf9390860da8e50999d2 (464 x Formbook, 184 x AgentTesla, 122 x SnakeKeylogger)
ssdeep 6144:F8LxBsO6qWI5I+APiufzNl609+0K+nZNqX4D6BklI7R2sqwA7i:/m/5I+API09vKAurR2ss7i
Threatray 149 similar samples on MalwareBazaar
TLSH T158541223E0D2E5A3D49247F10D77BBB8F2F192154785124B8BA83F37BEA45D3811A2D6
File icon (PE):PE icon
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter abuse_ch
Tags:exe Neshta

Intelligence

File Origin
# of uploads :
2
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a503bf5f5a7aefd063ad1ce5c0c244ed.exe
Verdict:
Suspicious activity
Analysis date:
2021-09-24 09:01:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/dc3b2e06-0487-445d-acad-776e04e61536

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/191130/
Detection(s):
SecuriteInfo.com.Trojan.NSISX.Spy.Gen.2.14247.15428.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f6e432d6-53f5-455b-b3bb-1813196355b4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spre.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/857207
Signature
Creates an undocumented autostart registry key
Drops executable to a common third party application directory
Drops PE files with a suspicious file extension
Infects executable files (exe, dll, sys, html)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd0eb6fff38b72907c56ad02467144b61744a7d24a054ce14eddf779854180ca/
Threat name:
Win32.Trojan.Nsisx
Create hunting rule
Status:
Malicious
First seen:
2021-09-24 08:48:20 UTC
AV detection:
12 of 45 (26.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0f588cc0f351e5a7a82372fb978693bd088484d89d2219267a4fd7f7c52203d8
Neshta
35781f59dd0d4db4313b493ba0f80606f0f999c904e72a2dd76b0cb111678cde
Neshta
412bcb0abe4197be23ae265308d96f9db0f0fd5f96ec0ac053d744d1565e80eb
Neshta
563d0226f3ff043014f86d780778fc6bbae2193e46137271d586ca3d83da34af
Neshta
58f33976b1934ff2e471844d7a7ee4c6e4ab3edb8ca2a6b88c86795c3368cfeb
Neshta
a73f2d92c3d48bad18d6a33530cedee50fb1495030c752d406045c113eeabd0a
Neshta
b2ae47f62aa239fb6badfb8af83054c008e9c93d6fe1953732ec03029dc474ce
Neshta
d021e872a4841ee35b654e3dfb946b8f880f3a598050bde20550899410456321
Neshta
de544199796705d18dad9dcf238c7c96de3fc8c793057cad94e319527af9c7bd
Neshta
e1b0ef4dd27c829683569165d98c902a8ed2f2eaa95b1540c6430f5ea3be0b3f
Neshta
+ 139 additional samples on MalwareBazaar
Result
Malware family:
neshta
Create hunting rule
Score:
  10/10
Tags:
family:neshta persistence spyware stealer
Link:
https://tria.ge/reports/210924-kqgz6sgde2/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Program Files directory
Drops file in Windows directory
Loads dropped DLL
Reads user/profile data of web browsers
Modifies system executable filetype association
Neshta
Unpacked files
SH256 hash:
930274a00c6b8397b2d03b177ef61f2de0edf8a767e03a6891b35deca7926077
MD5 hash:
5a72fd39b2efe488fc0c84b9e9380c51
SHA1 hash:
4a6dd35c6cc3af986250374b2e5af2000791f77a
Link:
https://www.unpac.me/results/e458abf9-effd-4c9d-8a23-a92b4fa206e1/
SH256 hash:
bd0eb6fff38b72907c56ad02467144b61744a7d24a054ce14eddf779854180ca
MD5 hash:
a503bf5f5a7aefd063ad1ce5c0c244ed
SHA1 hash:
4fdf77348d0d33804254ab3e0761fe2a4ef5f82d
Link:
https://www.unpac.me/results/e458abf9-effd-4c9d-8a23-a92b4fa206e1/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/bd0eb6fff38b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.37
Link:
https://yomi.yoroi.company/submissions/bd0eb6fff38b72907c56ad02467144b61744a7d24a054ce14eddf779854180ca

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Neshta

Executable exe bd0eb6fff38b72907c56ad02467144b61744a7d24a054ce14eddf779854180ca

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1642012/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/191130/

Comments