neshta | 2c769cab7d5098a52060d096cf228eea4a23b85ae3c6717792f8dcf0cef471a8 | Triage

Submit
Reports

Overview

overview

Static

static

2c769cab7d...a8.exe

windows7_x64

2c769cab7d...a8.exe

windows10-2004_x64

Sharing

General

Target

2c769cab7d5098a52060d096cf228eea4a23b85ae3c6717792f8dcf0cef471a8
Size

168KB
Sample

220222-j5rx9affcl
MD5

c0cda789e54e55adb82254b49ee6459c
SHA1

03117a0e347e5a4ebdbca24560777871e003eed4
SHA256

2c769cab7d5098a52060d096cf228eea4a23b85ae3c6717792f8dcf0cef471a8
SHA512

6bcc733d0d41599537842a741ef8411cf40a9c7a13ed50302bfcbf37c82f29fdc4d07b10d168d497f0e55820a9a193cce28dc30749e38f37ee320e2a15ab76f4

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

2c769cab7d5098a52060d096cf228eea4a23b85ae3c6717792f8dcf0cef471a8.exe

Resource

win7-en-20211208

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2c769cab7d5098a52060d096cf228eea4a23b85ae3c6717792f8dcf0cef471a8.exe

Resource

win10v2004-en-20220113

neshta persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2c769cab7d5098a52060d096cf228eea4a23b85ae3c6717792f8dcf0cef471a8
- Size
  
  168KB
- MD5
  
  c0cda789e54e55adb82254b49ee6459c
- SHA1
  
  03117a0e347e5a4ebdbca24560777871e003eed4
- SHA256
  
  2c769cab7d5098a52060d096cf228eea4a23b85ae3c6717792f8dcf0cef471a8
- SHA512
  
  6bcc733d0d41599537842a741ef8411cf40a9c7a13ed50302bfcbf37c82f29fdc4d07b10d168d497f0e55820a9a193cce28dc30749e38f37ee320e2a15ab76f4
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy