neshta | ab9f07758d73614eb4b307ffe5f88e28c62ffdb94a011874dcc2e992fd0e2ca0 | Triage

Submit
Reports

Overview

overview

Static

static

PO.exe

windows7_x64

PO.exe

windows10_x64

Sharing

General

Target

PO.exe
Size

780KB
Sample

211005-f52kxahedk
MD5

986021bcec991cf8e2e30c14b59f68ad
SHA1

ec06450569675fe896382de46a465b0118256ec2
SHA256

ab9f07758d73614eb4b307ffe5f88e28c62ffdb94a011874dcc2e992fd0e2ca0
SHA512

270db5e70fc36d9c5452728a9e0d1d5cb80e727720c04622bd84b00c5ffd7368c3c55737eb855e2b6cb7e112af42934a41c592f3586fe89bf5006ada8aa8aec3

Score

10^/10

neshta persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

PO.exe

Resource

win7-en-20210920

neshta persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO.exe

Resource

win10v20210408

neshta persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PO.exe
- Size
  
  780KB
- MD5
  
  986021bcec991cf8e2e30c14b59f68ad
- SHA1
  
  ec06450569675fe896382de46a465b0118256ec2
- SHA256
  
  ab9f07758d73614eb4b307ffe5f88e28c62ffdb94a011874dcc2e992fd0e2ca0
- SHA512
  
  270db5e70fc36d9c5452728a9e0d1d5cb80e727720c04622bd84b00c5ffd7368c3c55737eb855e2b6cb7e112af42934a41c592f3586fe89bf5006ada8aa8aec3
Score

10^/10

neshta persistence spyware
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespyware

behavioral2

neshtapersistencespyware

© 2018-2024

Terms | Privacy