neshta | 980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2 | Triage

Resubmissions

07-12-2021 09:14

211207-k7hm2abdf7 10

16-12-2020 09:16

201216-gxachz9m2s 10

Sharing

General

Target

svchost.com
Size

40KB
Sample

211207-k7hm2abdf7
MD5

36fd5e09c417c767a952b4609d73a54b
SHA1

299399c5a2403080a5bf67fb46faec210025b36d
SHA256

980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
SHA512

1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  svchost.com
- Size
  
  40KB
- MD5
  
  36fd5e09c417c767a952b4609d73a54b
- SHA1
  
  299399c5a2403080a5bf67fb46faec210025b36d
- SHA256
  
  980bac6c9afe8efc9c6fe459a5f77213b0d8524eb00de82437288eb96138b9a2
- SHA512
  
  1813a6a5b47a9b2cd3958cf4556714ae240f2aa19d0a241b596830f0f2b89a33ec864d00ce6a791d323a58dfbff42a0fded65eefbf980c92685e25c0ec415d92
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer