MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Neshta


Vendor detections: 17


Intelligence 17 IOCs YARA 16 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7
SHA3-384 hash: c414075d812f6a7117c75705e188d4d53f5ab514e1dc78ed035f82fdb437df19c9804a9a0857cd3771da62e7291847b7
SHA1 hash: 4c8330991c7db8c3a0cfe04bdb4c25ab54a2fea6
MD5 hash: ee73ccdc00b956b42b3d30039a193079
humanhash: west-moon-gee-maine
File name:Urgent RFQ.exe
Download: download sample
Signature Neshta
Create hunting rule
File size:1'619'968 bytes
First seen:2025-07-23 18:59:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'740 x AgentTesla, 19'600 x Formbook, 12'241 x SnakeKeylogger)
ssdeep 24576:64AU1WsdYd2ZQjoa18bClJz3Msbo/idZhO:pdYd2Hayc0C
TLSH T14675DF50AD5CAB2EECA523F4C970F2B507B56CA86822E70A4EE53CD73B23B0C1655753
TrID 66.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
9.5% (.EXE) Win64 Executable (generic) (10522/11/4)
5.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
4.0% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon b2cecca4dacc8cb2 (7 x AgentTesla, 6 x Formbook, 2 x SnakeKeylogger)
Reporter Anonymous
Tags:exe Neshta

Intelligence

File Origin
# of uploads :
1
# of downloads :
505
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Urgent RFQ.exe
Verdict:
Malicious activity
Analysis date:
2025-07-23 19:02:43 UTC
Tags:
neshta netreactor
Link:
https://app.any.run/tasks/74dfbd8c-8f3a-43c3-b456-4f4f877ea17b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Neshta
Create hunting rule
Link:
https://www.capesandbox.com/analysis/16552/
Verdict:
Malicious
Score:
94.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=688131562f623871a5f29896
Tags:
corrupt dropper neshta shell
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a process with a hidden window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Creating a file in the %temp% subdirectories
Adding an exclusion to Microsoft Defender
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bitmap confuserex lolbin msbuild obfuscated overlay overlay packed packed reconnaissance regsvcs roboski schtasks stego vbc vbnet
Link:
https://www.filescan.io/uploads/688131538a7d628a81bfaff0/reports/d3ee1620-d613-4e7e-b109-febb27974adc/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7
Malware family:
HackingTeam
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e839604e-c5dd-4672-b6c4-96d4c5c4f5e8
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable PDB Path PE (Portable Executable) SOS: 0.37 Win 32 Exe x86
Link:
https://app.malva.re/file/ee73ccdc00b956b42b3d30039a193079
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7/
Verdict:
Malicious
Threat:
Trojan-PSW.MSIL.Agensla
Link:
https://tip.neiki.dev/file/c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7
Threat name:
ByteCode-MSIL.Trojan.MassLogger
Create hunting rule
Status:
Malicious
First seen:
2025-07-23 18:05:11 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yhkz2quqmbeyb3zq422wguiiewfcay2uqfflbnchuldq7hd3ttlq._file
Verdict:
malicious
Label(s):
neshta
Create hunting rule
unc_loader_037
Create hunting rule
Similar samples:
error
Neshta
Result
Malware family:
neshta
Create hunting rule
Score:
  10/10
Tags:
family:neshta discovery execution persistence spyware stealer
Link:
https://tria.ge/reports/250723-xnxn3ay1cz/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
SmartAssembly .NET packer
Suspicious use of SetThreadContext
Checks computer location settings
Modifies system executable filetype association
Reads user/profile data of web browsers
Command and Scripting Interpreter: PowerShell
Detect Neshta payload
Neshta
Neshta family
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6567cf2a-7703-458e-ae4b-2a9147359c4f
Unpacked files
SH256 hash:
c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7
MD5 hash:
ee73ccdc00b956b42b3d30039a193079
SHA1 hash:
4c8330991c7db8c3a0cfe04bdb4c25ab54a2fea6
Link:
https://www.unpac.me/results/76c10774-eb61-4364-85eb-4e8e71cd7301/
SH256 hash:
8e278579b7b5248e4d7d7181b06f6e72838699f30f40de8eb534fb07eaac4713
MD5 hash:
5227ad04e9a5c0fe14a4c0c631d9a4f0
SHA1 hash:
1ff6b60d7cacdc0935bb29c10e8ce41e33b294ff
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/76c10774-eb61-4364-85eb-4e8e71cd7301/
SH256 hash:
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
MD5 hash:
36fd5e09c417c767a952b4609d73a54b
SHA1 hash:
299399c5a2403080a5bf67fb46faec210025b36d
Detections:
win_neshta_auto
Create hunting rule
win_neshta_g0
Create hunting rule
MAL_Malware_Imphash_Mar23_1
Create hunting rule
MAL_Neshta_Generic
Create hunting rule
MALWARE_Win_Neshta
Create hunting rule
win_neshta_1
Create hunting rule
Link:
https://www.unpac.me/results/76c10774-eb61-4364-85eb-4e8e71cd7301/
Parent samples :
6f7a133591129c585c8f2e64f359c6b19158e1772c7ce2a8e49b4ebe672a86cb
6c698bf3490ab6453d37400d05324e2186754ec6b22d7a62fa424d5793599d4b
ac9a8babed0c6938fc6a4218376339223faad8ce24cb38497b6377664867b2a0
d5e739d5b929d725d105c7f3f86cc7fb6466a909d44dabfcec4cece348f985c4
a39d375b4498174ca49f07d6bc5a152d34bbb3b7681b209125f2a1c7a8b01185
29fcb7e81428cb4cd932ccaf2ed0f61ef9d47853605c153a6de503d54009f11a
19a595917039b249ebebe0e98a532a61585b0a4189bdb44a28c73523feed14da
6ffd13100e26b005774349e84e514bc84391682d9a20e1a46862a3e7599bad7a
4b9c39b0624ed5da7d8ffeb5b8de89562a0ba2db40e4899160fdd1e51efa63ea
9ba99db4c643c7b335b73fd5c52062f25f1699cda426b09710db4e0337360e97
563d0226f3ff043014f86d780778fc6bbae2193e46137271d586ca3d83da34af
b4e70946128b7c45e4e6404714ca40df679ed0b6ac5157533c953196d96daa41
cc29d221864706dcc32aff35a4a7a246c310aa7fd8fd4cb254ad36fb415fe3ff
e82473f02711056cbcda98d22a858d95c6cf574c17ee77ea62db86e405ff6e77
3ba615a4d99b560c58bed9e63c8ecd2c20dbc71560ec1fe51ca2b78a6b8309e6
1aae387dce8782d2f58887aa73dd970e51656c72ada983fb040989656a6dc47e
a89bc5bfb93026e56434c1354508dfa0a66821d35f522429582067fc7f9200cc
e1b0ef4dd27c829683569165d98c902a8ed2f2eaa95b1540c6430f5ea3be0b3f
de544199796705d18dad9dcf238c7c96de3fc8c793057cad94e319527af9c7bd
b8344e9c1ee03f949c70959828a08e1f73f198d58e6721b95676d54a7e6cb6be
a58aca3d20dec5c5f100ade6a9f6182f5f7a783f8269cb032e20780041e44f08
ab9f07758d73614eb4b307ffe5f88e28c62ffdb94a011874dcc2e992fd0e2ca0
5597878b9d511ad8a3e93423174ce90b689523fb00912e93bc704db788539ec8
0fb3c7511c6494252676592eea6db4da4bc89977c066a5e4f7ea599c3c9ad8d5
42b3efec41088a0afd2cc17e038169dd572baa116aa734a427012d39917f4107
b0bd95ea0aa5de9849e555fc8a62f51e1406c6b4dc890ce9a63c9807184d9f0b
d02c7e238675ed340d700e865360567a92cece2754486e033a7957f7f0b33a22
d48ba61686bed9bcd76c92cca9e720d9afd6695b4ac2e62b5772af8367fff20f
4547a55c5799f4434e76b02424f0b4af53ddcf29969771247b75fcf8e90575c2
3597bda69b3968446d1b4be9472f97f89c0243f129fa2a98cbd5683d4002197d
2a0d6ebfcca611f4249d12ea9fbf3b8bf44729d9db9ecfd0f43c72946febca24
36755da9fd84d9bd9f02f1c36bdfd5d1ba1fd28c748e337b7abc30421fd44fb4
b50f7c365160c6134ce71e97e646d8245761687aa431a31a12423daf6cf33012
889c2ec3e88c2a47de4bcc6d88cb74d21a01088330fb240788c81968ba16155b
909ce4ede18938d21f1c4477be2798c4d985fb045ca3be6201f01d43dc2ca6f2
a5b2cf3be1088ad8088d4ef2919e5fe672ce85b89c7c94f17b0fe2240836aec8
abbda703c3fba08e50f339b1b449ec85382c224772d0e95e9ed4bfa8e6a2106a
5d24735ea4e2f2b2359092ab77bf69477ace086f2ed8de754931e3024fc94eac
b5aa1fa3949badd59b3c1a6f5a838c8eadf639c4199b7238179f0de512383217
6b21b5a3b4624e1ad6ac6a8a28d21bf16131fdec95341fa2ac04ea9824b50d75
f8d91c8bc33c75ab7794e0c0a8498110cf03403daed2caf77a47975402be2e48
aefd458ffd4dd6fd5e7e713cc025439012265d4d8bab169c42d2daf98d8afcd9
46ca293c1bc89688a030ebdcac400a501551743160d99dbc919f800e41577e09
bb741e7ac48085e964e7fdfbd19b97a7376712b09c540a95c9a5f1872034908b
393d94791809b4059141bd1d6de789b431a71eb544bc7f7b0d7a1700c042ece5
f94903b0a50cc5c472b19dbceefb98e9f433f1e8fa9cb0a6f98ffca8dc609d5e
792d13b4f3887733a5ca23c9cb7f8f10186a796fb05891b4ff978cb526832ca0
4edbfbe670bdb8f0b1d0f8deebf86c5bb3444fde69fbfb743ee56fbef2ac5d7d
e8a9d29b01c2dde67df8e2ea6aba968af3ff2a7a1adc151c8773615fd6dc9ed0
24d0e610a636a4c010111cc724c2c5df4923885a02356fdeb22f5e13a5485b6c
449885db82a87d3151e04067039b2d07d8a844e0670842a2f739d493ebe6d1b1
950754e261538834ac3563cd3d382b5f1ed40acdcbb17b775ee158e10c827d5b
f8d79678441dd167be899e3b07fff98b7f39985c73e1207ae0a5dc855edb8344
8dba5c25c8f19e2be8aed3c06fd0fc679abeec44bd70c96f7193b04a5196bda8
7cf16fa9b84052ebac0f1752fd4cb2a9ffc8ffafc757f785376f2bde6fb554a5
995a51be969ea8a589668c591764d0675368c72f46539744babd58722a4c73c9
9de15a5c7e9cdefb9a48de4039027de8687838849d9588434564a343d15a9355
a867eb46763ccee8962f882a1cb2cdca5bb654881c4e2c4a20bd88713ba8818a
83a4b6cd0fa89d77f39c1ac7e3ecf5260bd7bffa07ab30fc6c7ab17e87525e39
73538ff2e8e3a4243c071eb7007086eea884c19db8e6bb92f6889eede28134d7
b63557e2a7e7fd2c0fc2e0d5084da08d62586963b22ad22e6b683fb9ee2934c5
68244f7b16e355e88f752ab26bd7290c019fad11d862754e9b5789ca15c263f1
ac5cec58b7bf1c35c562556c984e15b057ba8b3224559f1cc523ea9b70b53354
980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
331d7e76582739e0f13e1405aced8b89f977a595c80c2e481ae74b4189141760
425f76eb82d3accf2865ff9f455a49675c2ca3f273ade57fd865c8fec5163f1e
a5c3adbc3170961645549d41320184a231c0eef43e2c5eea71f235bb4e273d89
377e4f1424a442481aaf05cc99550f80ca5a889bd904f44e04963244274eaaec
2c39793aee8f8966937d52468306f422151978e4b43d665a09f78e5c91fe5401
f9c6d61e21bab262adb55358862e97b2c0cd9b13a6a73129510f24a917558911
0737b4a17fda7c3b5ffe49d1f33da4b1789d0f3b7c77a54113d6136f1672782a
b68cdf9834d06557781bf09a5b3d4dabc3d6d2e1aa18aa42b1a0d42545e8a3d9
b17caccff755c664135937e36fdb567dbae543833983b6168bedbd827c99a9e1
201cffe8bf2c15a804167c67d2a095ff655829395cb54b5c3d3c4d038efde920
dafe6d74868c243d4f818aab7c3f8d5d95b7d69aa1492e34e1e38d80d15e1532
aec8415d0972e902d53d348ebc7beaf6c575f9ec6e12791173ab1d84e90a1109
849f8e0fe82c9e9606234c3c6018ca5f94f063d90bf00e9d551002276485892a
fc7c9c64d0801f66f22ea258673b12b73f392b958cf38dbf14432dcdb3037e5a
179e9673e3cbfd035d528f744f3eb88c65583089bb78d744f2c380be3bf3540a
75854947a6a21c6fdacee3b080ad9f9c8c86546b54410a968d6f09c23e5d00c9
6dd5d1309948dac371cf1cc1083f758ea313161d8658d9d3842e3f908bd280d5
1dbfb91bb378374fbc436b301cc481f6b32c53cfcb5dd3c3ab1eee2460e4bafe
d2fe22f934f6a5445d64e90c88d01a21793f80b0756d520e2d5744cd081193e1
083f671bdfa7b080edff7dc531e68b5179f0adf3109bc5509952209d4c6bffd1
a09effbe070813fd8998f3d09fa1211860faf38f174f3505b0325a9cfae303a5
35845d281a91dae79912a7238697c8b1d074bbff2785b621e0836f7c01d80b6e
5ba9c0369672e2fc6bfe9a4ab55d9c472338990d852c174329200b9771fa1093
cc08d15b67fcc5ed8b92f3360e06e9cf229da6ecb0a887f9ae90243e3288692f
d4f4ad6ea2e448166edde53a24011ddc5c4e870f7c571f9dd5e390e582ca3d33
fc6e2360ec42b0162ca6c115a87359ddb884735669a408df62d03a695554d934
9fad5596477c55d73ef0cedfa3211853f95418dc465c11c14cc3182ceaa1527b
91712842d53fd2c6b1e8f6aafec4a738c6f5a91ecc6849d813c857245a709682
15a7845256801920c72d8eb0b8be091fc8e6bc2461bf1cc53db2cf2b3c76b315
8734c94b5ebc9260065d6ac359500b8f17f290be6c74bb72b9c0cacccf9b7d63
a9d818bc38d2a84ff40e54a062a9fba01a0648300fb1a892432547bc5b85e158
4d934eff240fdf3c222505a546d8fb8c682a3affb70e4a85c635f607a47d8b1a
aead1f538ae65044f17554b188d4d1f88d7c4840bb554f3d70a2fe3ab86f6abf
e273e5e8948330a86519152bc6124971886a15758419d97953187b92b930fbb7
c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7
SH256 hash:
f3519b7324178fba50f3c0360fd78a2031ad81b17852e90657a06fb5d49362a6
MD5 hash:
450b95e855a947bed6bb39b15602317a
SHA1 hash:
5f0714570eefabfdafe70071f05ecdc71f4d9da9
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
INDICATOR_EXE_Packed_SmartAssembly
Create hunting rule
Link:
https://www.unpac.me/results/76c10774-eb61-4364-85eb-4e8e71cd7301/
Parent samples :
1dd0021ea8fc63fd5576b92848053f8c125944f4aa28197693b11672223c881e
e04f83f2d0684b8ca6864c65fe3965c358aee7beee26cabd33beaa1e94c3d2e1
eb54ebd946de089a842c01f8f72e8d74e7308f22d01b1c5e422aef85807494e2
c893d4d4e7bc91f14c350b66f6ee3727ce54605da71211870999a3dafd6218f9
ffa2ef64753d388a36eef4da1fe88cd54a1f823483445c97c016e984bfe85374
9db5517deff1c9950b4f5d1cff7ea67ff1c83a2c6330e4d7c2267d30252f7b5d
86c3e32ee0df4a00ace137b2c5392f1e86dc50d80e3c29b04915c495fd6f3475
3b97bd64269de273033970ca786f468f1a397d64f4cbdc86289b7a418a196c33
744e016edfc466927f2b7955eade93b58822a6b3bed09794d47f412831d84728
057e5f4fafbf1a293bc9e8b711c23d88b931522bdf08c51ac18723a43ff625d4
f2e0595463196470692945a3b90a3de2a8d4b22a5a3cef610c0a9bceedce3db1
c6cd12aefb61eadf7e46c05de445a63dd5ab74d46b28495f3136c64c93513e0c
5d15d1f4fc9001ab14cfd8fc7acc86aaaf6ddd51e1054dd6cdc387544b657559
50bee81de3e9e73ef381e154620e5e81a3e8aa2d62ae88efca8e56d27feaf1a0
49c288bdd977b430764c2067d4e25cb45dbbfb55105a080458af03221e776f63
a6a9b636acea176d2d225f18d8f28797631b1ce4c5b2e46ed4cbe18f1a71fa6e
6d0143dd66ca4f5b6d342c88feb3a564c81e18e3db7805c85e7f5895acb059bb
dd33f8080b6dc03098609e93e5fb3cf8345c60d9cc980f336bc495f234712d35
49ef1d66eb97245c704e2e92e369ae6b9d5dd5319376b136dbdb297196a472af
efd69a0ac7b81d3d2fe4900b06a98066f2517e0d9364361d396e143d6f90d128
1fa3c4e703405564123cb7d433d69566075ae20b4ba894c91681b0f55b14c14d
e8c55f45805066a63c2f467849f5e055b159faa1a818e458d1c78a76146b3a60
8df390f196fab73f2bae64890816a0045d987cdb9bdee34a2fddb504dfe82234
35c8388a3b8fb7c09ee5786f1bdcfef5a30f04563624dce11d8a2b943bf3a614
741d07fc375b6ac27cabb27a08327af7044741d485af7070c3eb1dde96c08d40
5ad7ee9c5a5165a10dbc330483b45ab27e26ebf8023e8f8c2bd4d8529feb5dc1
89b5724cc6f47227d806e6383d1da6534f28e1d3be5a914c89d3fe2689c6a1f8
4cc4ef1db310f70a8f0a7b8c316e7701ffbe9086d75d5bec6f7a8cae9502ce54
b7e7bc4e1ecbab19a0f5f2e51abd0cb7d6d3beed30a9edc405e71751eea35a6d
30cbfa02438f1323a65cba36353b3f4b5754480c1a8d53a8a96459063e957c84
81bf08f12cdd41902982c5bfb43b2ebcc327a47e24d8d17a085349081138c1f7
c0676910f1362864201df2da6fc69db6b679c8ba7fc0f66a2dc47c2236142bce
1a8cae4d0b7aed52a77e8e33770bfc4148c5766b8f4e24614a2953b5e931ed35
1a60823d2507bf095559dd725fcd7d87c20c98c61bab8c65551ad58892095909
b56564440c97e239fae221a1bcc221e620beac2117a81f05bed47936f51f86c5
6a2ed18bf270a3af67b3048a69f8e601ab0e6d9200a79183ff3bf9f4daf7b225
deadfb57cd54af6fc0fd10b8bdc065b67a9b43eb3868bb1c9442572f0efa62b3
b2d5d9d3c3bfdca561730af8e3cedf26a7a8863e8ee2b7b2e0b5ea8a1aa19636
9973a4893b1d9286439f7fe307592e9efe68d27f769c8de21727aeb1426be787
0094fc5c570fbe55996557919c14a19aef098d14823b68a815f8d41757cb3684
769faad4d101ca7d2c112be380d8c23be716a5a4ba2febe06a0ecc38196fc2a2
d27348a799f87eea272a85478ee75657d29ab30367b493368d29f4d2f20d4727
e74447674de0d55b2b2cde2c6bde58806c411c3f0304d518630bf850145f2cef
e71ddc6968d16669b1cefa0d300fc06f8e8ff2c59acc60f30dbd88217d931c0e
c260d4d3424207395916f74a9276a07ef80c9fc4b580b1815f8b5d22a9cb582b
019f809d35950f9c45a9f2b33b2fa85b17829481aac37124b28478c9f0faf71c
881a03adabb46296752648b7bf93ddc112672464b19022e5e4d807cbeb5435ae
160fe75f8db44c72ff8f98df4238f196d783d78b605eafee68a9bf48224dee98
9fbed6ca2290ff9c03ce544faeb7c65be1e114070414100f5169ede53c918d3d
d0434e247474e854773c4577c0e139af063665c3c71dbf012628b89f2b42d3a2
ac68239a14d084ecf1bc56f98f80073ac30a3f9f08e4279329f7626da648aae2
ef91e44f0b82089f27624e313848ce58878807eb0584c6f8adf943c575e7fba2
ce2a1e75336f3a8a1538a0019aaeeeaa3b69ee6fb86d4427b17d7d985fce4901
79865785eb9723da8edd0f2355e3e5eaa284090bc2c12b4e553121a9a4a53118
8208d70472361b29ee7a71a31ce3231ad68eb2355f6f7a66a2ffe3470d6de43e
2cf509961fdf76bdce189a3216b441dca91f858527062699d2ed55487aba80a4
efe869295ac3b949a986cbb03bcbce50d8cdee27d904592d1f5915a59d604422
04622020a45463744984946bfd38f4bdc01af96087ac784a790db1f1009157ab
948a49335d8343153b509abbad3880b9f7a7c18c133551c638ea026c73a6226e
282c71a915fb16491ac0ca5e5bc43ec8079ebf6db203d880d2b40c6217782807
eb5bbf26af55849a6308af378047a9130006b3e90ac3fe80207371607d586672
152be6a2be012d6fad53c047978748dc01900bcae8e86b6c337b0e8058dbb3e6
7c770feb62e46be197fbb56da6e8eba885b433cfae93f5f9669712c7e3d951dd
f8cc61c1b57d3fc2e254b4ea25cc7a6dc10fda0dfc3f4de11e7b5a518b1bd402
489c3b4e65ec46019d1b57f2485c8862d3904e85994280a41d5271903386f07f
77b83e393ef87abb079566a928461c6348da9d6c3ab029d8781d97391d94adac
6a9f51fc80910555c294f00fc1d99907b22f0321f2a6b3db67a85192caf1a6d0
70a576a39497248cdc4e1510b0b210abc5c4fbc702fe00f69d4ed1f6f50ce7f8
ec81c38ff89da4f91aff94a7ae635adef1e8a4eb07f6ee5eb3f1908e33fb1a19
7d282a1482db57d407c29f6d4198773712ac7a22686f3716c8c655bac7cae268
b7b1ed68e613b5465324b715d04c711d03bfe54223b5dd450eef96d23ae9de96
417c165a04979b22d52eeb3fda53a4b6a699f80c3fc89a69fd408ea0fbad16ac
412934cdc4794191987bdee6aa6161dcae7ee21c5ab62c25aba1c9604c4ab0dd
7a9dfd4083ac768178f01c34659480b81aab334e087b91fe1055c9c43b8ac9aa
99d71c0bc33e95d7a229b32d3f55964f0e0b083fa189fa808b72e340f797b818
3d5a3fe3a54a865807bafa5facb473440da44415efa328b4941dd26d0c4065a8
c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7
f23512e02ec9e4ef0e85e110cac1b8777f7f0db6da73ddad8451560547e36ff0
3257b7bb84593414de08c5f7050cb38f4b1cbaf3022705ac071974b720ba533b
8f4137c1511c9ef89a6fe06bd7a2e0ca79c0306775cdc3e8fb3a603c01ab53bf
a49cad8202799fb9d9a5c7d98bd39fc2b967da62a99be1cb1c9856353d747e76
63026f72f41c3da6c760d599525fd38d2fd3c067b6d88b0c25e893785d1911da
3bbe94e388c5e4d74cbf909acffeb608904eca5cc548b89262dfc135dd86ea83
37cd053124973d351eba289478ef51493ca8d8e73f1b3561fec7fa5f278b4c63
c5731cdbb8604adea26e561124d3feb93d600d6062357a7fd3231478a370390d
e6bc3c7660a78a0cea6dca54163039daef66c904409baea3bd79667657270749
b7da4b2bd1caa35f1940adbfa56ef8ff5fc6d7c4ebd49716a188fe480000e530
b7becd06ed5d7a5672557ac209ac03e69055c94c25d80e44a46670b01f42955c
c5f3ff2435c7f3fe3a08a1b762a2046c9e0a34fb3c8117c826d6b9970bd299c5
7ffbc8a42a1ad362989b7098ecad4392f1c2a18f49a294932946ab99ac54368a
22d7ca89918de5ad403867dfc9b0fcae5f3f7c2b6f91cab12f1cc444fedd880b
2278589011ac08c34a0fc7eb9a116f7b348605a9ee28a5d8e1509394f4f35089
a7a427b9b9f7ce1d847bce150139c546e43f61d49c637ee425d24f52803d47c8
8338252e1b1b007bfb5317df49e88c9aeb3b7f8206465c2e84f9d2d949e7cf95
81f16350767ce770055b3629bf915511bb0bd63fdea739d0bed336fa75f6b551
4aa035616ed50d2ca3d86455ef14e5c306d072b3942d25ce570b519b0cb142d6
a8cdfa7e2c10da2b86a2c1824415310726630037cdb268ff2a40763aa811b632
9278dc6a1b10740f3b00ed2be2f00eaf35d3adef17f3c70695fd25cd6ac439c1
c4afe513b1a779d8665a35329cf95c8a5d0d5e6b3925b5af4643ad7cef283a7d
a72143b5769c74747fa3e9d4e6ecca69f9df376b4d8623fbfaf6cb1629bb8bd5
e7274ea8ff50007cdaa3585479d0329920520c16b8424eef5fb8b67ff5c1c8b5
8dc78eff027e8905701bab87ee6d0158988bd624bf31e1d734cc8371f2877838
1e6a20beefa219a71e74f86c55a894b9ba5b69e078e7dc0b0ae65bf5a115489a
cd0d409ccf5fca51e470a6248ade7dfa7e184820294e2a831e888c7d56ed8a0e
3b82841f90c2399ad32af068c7461b1b62039ddcb2f4c597d25c596b37e48f8b
0b5d9aa2bd595e87142227888824aeb7e42b5b3b4c67718fd8001b40575581a6
29a8e6a6d00c902fb249248cd1094e22b3041a87b8b60d8e2cb01d738f4931ca
4ab079696054cf52e0e1a470f98a30f61d628e5bbb69aac6ee60c88deb8843ed
3bd1423600d0763fe0ab5639d0623463cea418ecfc4967a69418e7f8afaf7621
07ef1f0d2150d1e1e0fc070061f387899b0e7c66faa502cdf9da770a730bb1f4
e0f8299e376635dfa8ad50213255a999fb418936c322312c042b42399165df2c
2fac96da4fa6e3190b5aeb5fb672bd2353fb0ae33fb5ae3430a347373addfa7d
3b4f2be2e11dd739f806a4fabd11d75302cfcd01dd82041dfb9367f96590c2b6
32ff5c52ef67ccb5520286787e5875b411e84877860fb4e9b0a53bee6cd20348
f25c044dd471991df3a8fd7ffdd3b0298454309d93882958afa02533d2e93e05
9bad830196ad87ad3561962b28208053792bdccb538c10aa46e7fea76adb300f
f800dc83f7940aba00cfeddcea77ae45a363c8bb242dd9e1477c5a7ab2303b26
38cdc9dad1bbefd14ea3e4f08dd721e11fe5b22bc8039b44714418a614c0f595
b98e000445a9449403003ee760b283e461cbd7aa63080d9981c740be908ec356
8fb46c0cd46a775f5510f5b94a0b579b023ec485137196d70febde274e7b2f57
dea72dfe120fd7ace84ced315abe9ff76a06bdab418ca17c5c04e358676b9dfe
f693db1218d19063d65f0617d326d298f67233cdbc4c3d3b9943987a91049508
b9cb68c5ee8eba74c54c45242cd0fddb6191b5488659ffee0adccad2d38d12c1
cedb9ab81e9912662907d238b24aa684a50da9ce0293f3a5ade6a92a6585e649
9e0cc54e0a325f35de7bd1ae2a15de27ded52f98c08f236af8b8e67b0d60b43e
59cc5fdbe163c5b3e62b4a9ab7df9f72c560e7bb978557d2111a6a1e3e21d691
4fd17cabd75688a8689188dcd5c1290f2075839a9d1825007e1df05e5390f4af
478fee9c40658dbee561fcb81d652bc152d38384b0a6e9905a026105a2e42930
f74e2292aa59f3887ef2e53c94a8f4ac6dda4d96907f45f2dd6018c1e18d6035
65402a7aa85775eba8a6676cc281ec426b0e94fb1f32b9bc625718ade8010f1f
78d09a95f6c402fa6021aefad287e8726b53145ab9d575069f69a41bc29e48c0
27bc76d9371b4b42a83ee6a8a13359ebbffc5fa956f6f074a2e6bb92a117713b
fb39d5e33289245077e8656566d5b55d8b03c09765d72ef55485fc6ef8b4f6a7
b7eab5f19a05b4dc7dc0d210995778e5c74e0aac6e26c740e3a7593774c5d8bf
1f3fa2be48b42d1aea6fdf4c2cf9bc8de2bdee0db74214aee951081b611fdbd7
10b1e678c178cbbb2dda0b5a981d24654fc0fd8211e02b6b315f9cee74d11b86
ea6d24e9fa0a851f4db1736d6100c04bf90713ab63a0f05e23c6c8aae77ec5cd
deda21016ef825cc0df5367d8b40fa1b181a951fe27876a30775b5f9ad777bd1
228d5b79c332bdc4a4d604e22570c0d51fab59665ac0608a4b8242473218a672
a3d56cabd8b53e8273fcaeb5fe5fb67df5b2845a88764f8817f59edfe8b9a4cc
8925bf200e0cbcd6b3615a07250d8d5013dbe309033af7256a4abc93b9225e75
12a5b7f9e8f2ff795e57a6f6550dd793d29cff3fd5a914813ab682fa4a4c7d78
323378dbca5ee14637ea3690b436b90f0ce5b3894051e9f37bc5f4a7b046135e
7b544ccaa0faa1e36c64b6fe56829bbdf428fbe5758361e93fad6c1a87679cf7
2fe9c94efb856517f92bb543c65901ec76b46eaf1ea0d8ae7ac7bad689b9a0af
cc5f0d88e7a634abbfec245547371894e7a617187bb62086d6a7d2fde41982d4
1cf210fbd992ccaceed3a25edb6dbb86c904e5518d3f62d91287138dd51c1bac
77b4e081c839664ad7d952d4475434a52bd94ab42fcb73b898e24514892f57ab
7859144f1586edb705317225bc448262aee1b6a5dd33a17a75338d2458473bd2
1d140bafe5d20cca9ee7d5a111ae63960694f15955f6feeaf43edb54559ae8e1
d4e9b201d25baa1d9421d44c3d0b95f71f5ef7faa6944d75414fd61adb1d897e
1d7f6f56f567e0b079f9f7c828f2384de372fbb3a43bb9a420c4979c48ef3d6d
f206bf4656c5745014977f86d15cb05ab35da6b582343463969747d18146f1f3
f199e8a011ce9dc5c0e579358241f64e951ea530ff27052ebc41f09f1b6546b1
cdc314f346d72dc793385aba0bf05f62206ff6916db4619431c69e379ac9dbbc
785d18fbe268ffc3282fdaf471e46eac4dc46d22a33a359c81395da09d0b37db
5731c236ea34601df844e56e5a06681f2b56ad2c00066e10049bb16a5700630f
3ef0dfc4b0dce97b488f8f54c19f27d1860367d76a09c00aadc2284a27b1c1bd
9738dcbc69c9e6aa0bba8f74c87ef7533af09f539e105fd19f8eebd8151682d2
2a04d12984e5643f61616c4f1cfe1f5f72c4d7e327fb3914a6a9396b76d69f7d
1cb4254b1a62245b30f20ccffbefb79c36b1ef324c6d401cfb6d48ddb00ce6a0
38c2618381541fa79644a0425c1179a9e5667eecce76b3f6b63da719694339cf
e10958007f3b248b76b6423fd3d3567961a3c3b95b9237c247bf4a36a4141984
d5b0da49ea0cb9f02688daaced18dafe9dda4038b649ac44b8e8bd5ae750b122
3f00459bf84d76e5dc3affcbb5211d3d1ca3e083674eaaf6e8c7137ee7dc449e
c75d0dd517c95d24288b71934a0bab7d6ede632eb13af2b142099c6667bf0a6e
1220ac02f58b92353d39a8835a05d509f42244112eea97a789712aee5c22eb85
f0b03fabef2308dadb12ec33fd972048552275518d3830321d4f79012c70578e
8a9868a699f100c367c96c73e1db3135fc915218db42a596458bb109148f7caa
ed1b0cbba209aa95d91ce6d8991afd7982303335f96f459ac9b6b10257c6693a
bb2402bbb7d4563920c4fb18b2f1e2cd016ee87bf9f0a278787fe1654f12d073
bd6ca74d6dc83d0ddf0caa8084facfc3c8dc2bc0882388ba4cf4884a61289524
d02110093b567b37699be31053e454e28ced6e5fa9796ae4fef877f261ec27c0
4815c4b0a11e7bd4bac2db7bff612905804f5ec2272a6c299f842f572572f135
d9e52d9da6fe2b3a961b9bc07004f8a02190f41b17f6ba0473a1325d14e249a4
4597d6374ea637ebcdeb17f5a89b68f7453fb50f718805f648649a2eee72b4b5
bcb809eb36703d28e5175d02dc171bbb82e4459d0d29d1988f490cbe28cdec96
d7ac2f6052c4dcc2749b419018ec5fedbfda677a93da146c26088b0f38d4dde7
14e7936882debada11baf4d5075cb0f81c89257464a35a53012ddd4c18fefd63
90849d86ac7bae351db2917f30c435f8f55ea15fb78cfd04830e598b3d437611
677aa5345f44c45dcf71c85392c2f18b0303f9fb77ffd202bed000606eeefc99
18bae3ade8cb51814a950f4275a500a7105278618c03f27b71494624fa193d30
39257a3171d288b46ee3fa4572be28b0cf1ea8997c9de7e09d692cb7cf09a18f
770013d433ff93470a1c3e3aed7fd7d9dc38725a6b8f95fcc58af900df9b99d2
8b45845bf90a11a1cddf71ad83042a7908e1a721a1e6db90ca6cc7f6600f765e
4b1914795fc885bf2aea6ae4df1225bc2c04f2133e5eca3b44153ebdf743219d
dbc17925f6b344b2f803d81256644eb38d06d85cd87853d4b62f43d14eb3b9a0
671f711a7864063b26897c6bc3114327671e9a85d501c6819b3da16ed401ff48
2c47279be65dc9cf162c20dadcf90215c958946212f52daa6987e2cf30c61987
886e7723b559c601c9d00e21bb016d5a4aeb00bafd267b7a1939b7b30b18ad50
e980147feb749704db2b218c9bf20b80d8a616fc70d3a75a1b4f1f7c0b03b0d1
d5a9a7dbe3a40bf7875cf82a4a36537e19334394d9e765f7b87f07a24cc6e5c8
d78998da684d655070bf9e220cd990e914869245b0faf4592afc1f2c1182de0e
cc0be9f62a9bd5e8568699ba597b1995608b1edc99f79cd2068a2c4ddd5e1b1d
8bccbfd1ffbab7ebcb280e2d9a00e3060b35a39a8ee1567f6d50e9252631ec19
b792318331c4178ab12eba584e625fc6ec9ba6a69adfccd7f78b4b6380494593
ab28a9c31b3ae251c2a88c963a87941a788062b5ed20b5f546ed9243322ea263
c69a7800b5482d1e8e984e2e5ad548e057e1e9236e3ba937b167833e9c3302e2
c42f5c842ada25aeca1ec5153489f23c4cb25dee1df1f0235d2b6fd7bcc0d05d
9c259077adbc15c9fce702a70ba80d6824b3f38b6c899d68f19ef516b442603c
9a68a7bffc93071a4594bed91ff9289e85038fa452e511a6466c2725d63fbe73
881782dcb1d8eda6949c49e10d755a8f9bd72a5d9b23bd88a47af3e21aaa3e9a
d51c25d9940b7f3adb8ce5c9b753e3b43982f55504780bc217dfa1928965b159
b78ac7ead04f796c03a2720933cfabd9ffcce365477ef0f9061fb02d9eb2d19b
698e40f255d340d4a643b5838f58207934c74a3ad1ed881148cf589548f32a4f
c0d097b0b4cb4d354e6a19d7238762c181eb408ccfba7bbea95c142bdb0b5504
4c2d6b024e7af04fe1a42d5afad603b085bf37eff5f3a0b9d59a42b3c2828cc9
f4080676cb63d2c4297e0a38fdddd176f57bb472a93eb9e32a642e3eb55bb0f8
42297810b91165ed7fb3c30d157f94fed8e1f166b94f722d39a98dba01258976
d26ca3593d9b0683f5f32a22c7ae50211391b9b230d9f90c720d4e17b9847983
bf4f6390dc46a09ecb8ee5f35d6b0ddda41861d5ee12b106e9faf2b0e34aa749
f7d2aeb3c3f8d1bec48bbf92745cc52825a00a57dcda82d2b4ac2f09c87f373c
7c0928e18f60a6243e7abd515416fca912827e2929410e30834b0ccf31e03f64
74f8f30b48c4b6306079aed81544bf568cc676b6b678af86874d22b6ece70915
156aae917468256389912d703f16f156f9089c881dd54265b67dbc844f0cc6de
a126609f1200a6789ba34e458e6e58cba14d939bb2823fbe0b4b25397463c0d7
4195e137b692e92936c05fd47ca8487c89ae26bf80de290636b7890c7bdf4316
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c1d59d4290604980ef30e6b5635108258a206354814ab0b447a2c70f9c7b9cd7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:MALWARE_Win_Neshta
Create hunting rule
Author:ditekSHen
Description:Detects Neshta
Rule name:MAL_Neshta_Generic
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects Neshta malware
Reference:Internal Research
Rule name:MAL_Neshta_Generic_RID2DC9
Create hunting rule
Author:Florian Roth
Description:Detects Neshta malware
Reference:Internal Research
Rule name:neshta_v1
Create hunting rule
Author:RandomMalware
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:win32_dotnet_form_obfuscate
Create hunting rule
Author:Reedus0
Description:Rule for detecting .NET form obfuscate malware
Rule name:Windows_Virus_Neshta_2a5a14c8
Create hunting rule
Author:Elastic Security
Rule name:win_neshta_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/16552/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments