neshta | 28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b | Triage

Submit
Reports

Overview

overview

Static

static

28d2db5be2...2b.exe

windows7_x64

28d2db5be2...2b.exe

windows10-2004_x64

Sharing

General

Target

28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b
Size

138KB
Sample

220524-d4mn9ahfcj
MD5

3f51592020f74b0499ecab9fb22597b2
SHA1

66f8785648287bc5235903ac0cb73c808735adb2
SHA256

28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b
SHA512

82fadff70d5c7ac3be70fb7536863315fd650deea92056dec7b57fc531aa7dfeec1369807bbabd8a8687f21c4845da37ccb600a8a2783309fd46788abe78f31b

Score

10^/10

neshta persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b.exe

Resource

win7-20220414-en

neshta persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b.exe

Resource

win10v2004-20220414-en

neshta persistence spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b
- Size
  
  138KB
- MD5
  
  3f51592020f74b0499ecab9fb22597b2
- SHA1
  
  66f8785648287bc5235903ac0cb73c808735adb2
- SHA256
  
  28d2db5be24d6b1ba8721646d1b0370e5f0660122283cd2dbcb0faf760940b2b
- SHA512
  
  82fadff70d5c7ac3be70fb7536863315fd650deea92056dec7b57fc531aa7dfeec1369807bbabd8a8687f21c4845da37ccb600a8a2783309fd46788abe78f31b
Score

10^/10

neshta persistence spyware
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespyware

behavioral2

neshtapersistencespyware

© 2018-2024

Terms | Privacy