neshta | 2283eba55b722639287a446420f65f0161bb89b10d27136281b57381384e5ce4 | Triage

Submit
Reports

Overview

overview

Static

static

2283eba55b...e4.exe

windows7_x64

2283eba55b...e4.exe

windows10-2004_x64

Sharing

General

Target

2283eba55b722639287a446420f65f0161bb89b10d27136281b57381384e5ce4
Size

911KB
Sample

220222-npf82ahddm
MD5

00c22062ab8d4bf5afb577c55d3803bb
SHA1

1e3bb2c4c9def27a96133d6c9e9770c568ed7d77
SHA256

2283eba55b722639287a446420f65f0161bb89b10d27136281b57381384e5ce4
SHA512

2980e46559cfa57f1c39d67eb8e231463f96deb6e5d7f1c5cabe974a3daf0c30c90e644639e28e2c805192f3b70963947c2a991d1c4ceacacdbb6a3e2369aaf0

Score

10^/10

neshta persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

2283eba55b722639287a446420f65f0161bb89b10d27136281b57381384e5ce4.exe

Resource

win7-en-20211208

neshta persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2283eba55b722639287a446420f65f0161bb89b10d27136281b57381384e5ce4.exe

Resource

win10v2004-en-20220112

neshta persistence spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  2283eba55b722639287a446420f65f0161bb89b10d27136281b57381384e5ce4
- Size
  
  911KB
- MD5
  
  00c22062ab8d4bf5afb577c55d3803bb
- SHA1
  
  1e3bb2c4c9def27a96133d6c9e9770c568ed7d77
- SHA256
  
  2283eba55b722639287a446420f65f0161bb89b10d27136281b57381384e5ce4
- SHA512
  
  2980e46559cfa57f1c39d67eb8e231463f96deb6e5d7f1c5cabe974a3daf0c30c90e644639e28e2c805192f3b70963947c2a991d1c4ceacacdbb6a3e2369aaf0
Score

10^/10

neshta persistence spyware
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- NirSoft MailPassView
  Password recovery tool for various email clients
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespyware

behavioral2

neshtapersistencespyware

© 2018-2024

Terms | Privacy