neshta | c0705041b495ccbaff8a486d43a1773cc1311154ff92b8fb45ae66eec8ad575d | Triage

Submit
Reports

Overview

overview

Static

static

c0705041b4...5d.exe

windows7_x64

c0705041b4...5d.exe

windows10-2004_x64

Sharing

General

Target

c0705041b495ccbaff8a486d43a1773cc1311154ff92b8fb45ae66eec8ad575d
Size

1.5MB
Sample

220524-3dznkafchr
MD5

88cb0a3e0961da86c65a2905b7172cb0
SHA1

fbf5141f6f859dc807e08f3c326c6bbdc955c498
SHA256

c0705041b495ccbaff8a486d43a1773cc1311154ff92b8fb45ae66eec8ad575d
SHA512

5643761e089845eda5c82d37002153cd5825ad1b54745f80bf194e9a2192ed70b921a30e71fbef0c03a985245536ab186ff6927339c838cb9f7ed47132d5a574

Score

10^/10

neshta persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

c0705041b495ccbaff8a486d43a1773cc1311154ff92b8fb45ae66eec8ad575d.exe

Resource

win7-20220414-en

neshta persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c0705041b495ccbaff8a486d43a1773cc1311154ff92b8fb45ae66eec8ad575d.exe

Resource

win10v2004-20220414-en

neshta persistence spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  c0705041b495ccbaff8a486d43a1773cc1311154ff92b8fb45ae66eec8ad575d
- Size
  
  1.5MB
- MD5
  
  88cb0a3e0961da86c65a2905b7172cb0
- SHA1
  
  fbf5141f6f859dc807e08f3c326c6bbdc955c498
- SHA256
  
  c0705041b495ccbaff8a486d43a1773cc1311154ff92b8fb45ae66eec8ad575d
- SHA512
  
  5643761e089845eda5c82d37002153cd5825ad1b54745f80bf194e9a2192ed70b921a30e71fbef0c03a985245536ab186ff6927339c838cb9f7ed47132d5a574
Score

10^/10

neshta persistence spyware
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespyware

behavioral2

neshtapersistencespyware

© 2018-2024

Terms | Privacy