neshta | e53534c440334364ac9760716d46fabec3168b7478f8843d293be9267e3ad1cd | Triage

Submit
Reports

Overview

overview

Static

static

e53534c440...cd.exe

windows7_x64

e53534c440...cd.exe

windows10-2004_x64

Sharing

General

Target

e53534c440334364ac9760716d46fabec3168b7478f8843d293be9267e3ad1cd
Size

326KB
Sample

220213-2p8vyadffj
MD5

a8dbd1c9058b8ac50e0c96836bbb8ea9
SHA1

ec20b6fde7b1c296c9672df1221eefa495f80107
SHA256

e53534c440334364ac9760716d46fabec3168b7478f8843d293be9267e3ad1cd
SHA512

c8ab193025c1358e76f9b63266e6ca9dfdda00d2126d14af0c533c6520bd4750c18bae57cf1d447759603023bebf2115118ccc0671774789cde9a7f391d099a7

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

e53534c440334364ac9760716d46fabec3168b7478f8843d293be9267e3ad1cd.exe

Resource

win7-en-20211208

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e53534c440334364ac9760716d46fabec3168b7478f8843d293be9267e3ad1cd.exe

Resource

win10v2004-en-20220112

neshta persistence spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e53534c440334364ac9760716d46fabec3168b7478f8843d293be9267e3ad1cd
- Size
  
  326KB
- MD5
  
  a8dbd1c9058b8ac50e0c96836bbb8ea9
- SHA1
  
  ec20b6fde7b1c296c9672df1221eefa495f80107
- SHA256
  
  e53534c440334364ac9760716d46fabec3168b7478f8843d293be9267e3ad1cd
- SHA512
  
  c8ab193025c1358e76f9b63266e6ca9dfdda00d2126d14af0c533c6520bd4750c18bae57cf1d447759603023bebf2115118ccc0671774789cde9a7f391d099a7
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware

© 2018-2024

Terms | Privacy