neshta | 3fa53f6f68e280013eb9651a53a3c40a16fa99f7689d0761b3f95b2de68b22cf | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...01.exe

windows7_x64

SecuriteIn...01.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301
Size

700KB
Sample

210706-s12y9abwej
MD5

4c33a8d7ea67f81000eee8b1c9475f9c
SHA1

a96a1a2cd37af1a04fafc9104b59661924c2c2a0
SHA256

3fa53f6f68e280013eb9651a53a3c40a16fa99f7689d0761b3f95b2de68b22cf
SHA512

d93206e78dbfc4e1ca1633172c7aeb93ba6270822e7f8880220599731d9db4299ea85e1d14d59929ebe6e9b812d09f8db180df4fa4f2bbc93fc4d8a0aad87cf0

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301.exe

Resource

win7v20210410

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301.exe

Resource

win10v20210410

neshta persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.W32.MSIL_Kryptik.ERY.genEldorado.22139.11301
- Size
  
  700KB
- MD5
  
  4c33a8d7ea67f81000eee8b1c9475f9c
- SHA1
  
  a96a1a2cd37af1a04fafc9104b59661924c2c2a0
- SHA256
  
  3fa53f6f68e280013eb9651a53a3c40a16fa99f7689d0761b3f95b2de68b22cf
- SHA512
  
  d93206e78dbfc4e1ca1633172c7aeb93ba6270822e7f8880220599731d9db4299ea85e1d14d59929ebe6e9b812d09f8db180df4fa4f2bbc93fc4d8a0aad87cf0
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy