neshta | 3243a155d015906d59fdc180be84355f36c7d5316cfa20dd23a5725c412f6819 | Triage

Submit
Reports

Overview

overview

Static

static

3243a155d0...19.exe

windows7_x64

3243a155d0...19.exe

windows10-2004_x64

Sharing

General

Target

3243a155d015906d59fdc180be84355f36c7d5316cfa20dd23a5725c412f6819
Size

161KB
Sample

220222-glgxtsdcc4
MD5

01a4c5345cb0e7103cd590236ab8f189
SHA1

6788a3d23362909fbcbee05da1c8c5fdb949db2f
SHA256

3243a155d015906d59fdc180be84355f36c7d5316cfa20dd23a5725c412f6819
SHA512

fc73aa703be0cfd3ece5e97dbe9e64eb602254114d5d19e8cf696778e5955a90590b9049c612ad9f6d10f0268014b16054c945ceb1a554ddb15cae9333ad5532

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3243a155d015906d59fdc180be84355f36c7d5316cfa20dd23a5725c412f6819.exe

Resource

win7-en-20211208

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3243a155d015906d59fdc180be84355f36c7d5316cfa20dd23a5725c412f6819.exe

Resource

win10v2004-en-20220112

neshta persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3243a155d015906d59fdc180be84355f36c7d5316cfa20dd23a5725c412f6819
- Size
  
  161KB
- MD5
  
  01a4c5345cb0e7103cd590236ab8f189
- SHA1
  
  6788a3d23362909fbcbee05da1c8c5fdb949db2f
- SHA256
  
  3243a155d015906d59fdc180be84355f36c7d5316cfa20dd23a5725c412f6819
- SHA512
  
  fc73aa703be0cfd3ece5e97dbe9e64eb602254114d5d19e8cf696778e5955a90590b9049c612ad9f6d10f0268014b16054c945ceb1a554ddb15cae9333ad5532
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy