neshta | 79e44db9cbf7207bee57d835115332fafef4f38c0f9a888023dfd35bca50e814 | Triage

Submit
Reports

Overview

overview

Static

static

e0faff582c...45.exe

windows7_x64

e0faff582c...45.exe

windows10_x64

Sharing

General

Target

5542375112474624.zip
Size

168KB
Sample

220124-s9j8msfdhj
MD5

54a1987bac8d38340a1a3e86e1a180e7
SHA1

12b3e892dc13dd9bc2a4a9893f4ee47414cf6820
SHA256

79e44db9cbf7207bee57d835115332fafef4f38c0f9a888023dfd35bca50e814
SHA512

a34dfe79ef84972bd37cd357accf11a6daf8359afe201fd9d82e7cf27f50f2239913a0e74647a0dc6a78de19d4a6d8eafb2060398a17382ab0e1e3bffe015639

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e0faff582c7899de21175b45d58ffffcd96cbf3c0130bace8bea1500d69fc745.exe

Resource

win7-en-20211208

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e0faff582c7899de21175b45d58ffffcd96cbf3c0130bace8bea1500d69fc745.exe

Resource

win10-en-20211208

neshta persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e0faff582c7899de21175b45d58ffffcd96cbf3c0130bace8bea1500d69fc745
- Size
  
  299KB
- MD5
  
  066b95391597221c54db58434089fee1
- SHA1
  
  8879cbae7682e83bb5a8296e58de8a8f9c08e7ce
- SHA256
  
  e0faff582c7899de21175b45d58ffffcd96cbf3c0130bace8bea1500d69fc745
- SHA512
  
  949e9df1b713b1ebd0bc83d4786e77036c93116a91d359aed6cbcf184c4f0a6396b98bb34beb0839e51345fec54c01b6de06d49358a85daffeb8e551ee73caf6
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy