neshta | d0735b001b2551f2f2fe2c82ca019cc262c982cda3a4625362d17f5311894c7b | Triage

Submit
Reports

Overview

overview

Static

static

tmp/43af84...15.exe

windows7_x64

tmp/43af84...15.exe

windows10_x64

Sharing

General

Target

tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe
Size

971KB
Sample

211228-m32apadgc6
MD5

ae340c49fe80c252c79d4cd6ff796ba0
SHA1

96e1dc388300f396a47a2569654f64d5a0fca3e5
SHA256

d0735b001b2551f2f2fe2c82ca019cc262c982cda3a4625362d17f5311894c7b
SHA512

fdb894be585d1c3bc97c5f36e9b567e9e853e539bc6f6a9cc645d539dfb0527f736207aac8f7cc19983cfcfc1d3eb836ce6f99dc2dc82dffa4693a17b22a4027

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

Resource

win7-en-20211208

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe

Resource

win10-en-20211208

neshta persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  tmp/43af84b9-9366-4084-a1b1-d74d4bc5d31f_1015.exe
- Size
  
  971KB
- MD5
  
  ae340c49fe80c252c79d4cd6ff796ba0
- SHA1
  
  96e1dc388300f396a47a2569654f64d5a0fca3e5
- SHA256
  
  d0735b001b2551f2f2fe2c82ca019cc262c982cda3a4625362d17f5311894c7b
- SHA512
  
  fdb894be585d1c3bc97c5f36e9b567e9e853e539bc6f6a9cc645d539dfb0527f736207aac8f7cc19983cfcfc1d3eb836ce6f99dc2dc82dffa4693a17b22a4027
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy