neshta | a32dbaa55eed94a5dce7e142bb5b73c62f8de6d2c04131d2b4a4de54610aef8b | Triage

Submit
Reports

Overview

overview

Static

static

a32dbaa55e...8b.exe

windows7_x64

a32dbaa55e...8b.exe

windows10-2004_x64

1

Sharing

General

Target

a32dbaa55eed94a5dce7e142bb5b73c62f8de6d2c04131d2b4a4de54610aef8b
Size

166KB
Sample

220524-sccgjaahep
MD5

d5b04fc8327654f07f6c7aae2a068fb0
SHA1

166ba6942cd91c3c4f9bf69fb1775cf8a03f03f6
SHA256

a32dbaa55eed94a5dce7e142bb5b73c62f8de6d2c04131d2b4a4de54610aef8b
SHA512

058a3f9fe2e9a57e684c14e30899a5152d2aed9a9b0d8845cf9e1502a3c44f5c61f066716330f96aae851ab9d8134dc6997e6789ea3931e7e6396c383e1d2116

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a32dbaa55eed94a5dce7e142bb5b73c62f8de6d2c04131d2b4a4de54610aef8b.exe

Resource

win7-20220414-en

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a32dbaa55eed94a5dce7e142bb5b73c62f8de6d2c04131d2b4a4de54610aef8b.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a32dbaa55eed94a5dce7e142bb5b73c62f8de6d2c04131d2b4a4de54610aef8b
- Size
  
  166KB
- MD5
  
  d5b04fc8327654f07f6c7aae2a068fb0
- SHA1
  
  166ba6942cd91c3c4f9bf69fb1775cf8a03f03f6
- SHA256
  
  a32dbaa55eed94a5dce7e142bb5b73c62f8de6d2c04131d2b4a4de54610aef8b
- SHA512
  
  058a3f9fe2e9a57e684c14e30899a5152d2aed9a9b0d8845cf9e1502a3c44f5c61f066716330f96aae851ab9d8134dc6997e6789ea3931e7e6396c383e1d2116
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

© 2018-2024

Terms | Privacy