neshta | a12f7c6acfeb81bce0e12c48804e3212f48b5bfaf56231d2339e110e0d8e9e2f | Triage

Sharing

General

Target

a12f7c6acfeb81bce0e12c48804e3212f48b5bfaf56231d2339e110e0d8e9e2f
Size

1.8MB
Sample

220524-v95kpabhc4
MD5

cba4f947e203ce5bb64b4c32edc201d0
SHA1

2164c1f95e2ed07c06999868ab8e86a08f700804
SHA256

a12f7c6acfeb81bce0e12c48804e3212f48b5bfaf56231d2339e110e0d8e9e2f
SHA512

b3917ee0a53d071ca90eaf35fc37a36e1fe44d7c729989ccaf43abf611f44de9cda513528aa0f31a47c45ed2f20050d44cb5915b115aed577dc6cb35564fad99

Score

10^/10

neshta evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  Channel.url
- Size
  
  113B
- MD5
  
  b4f5df5c0fd4afa01823efb05509eb7a
- SHA1
  
  f5eaf089f50742496ca1a9bb4bbbce39c7a79418
- SHA256
  
  db94deda654831aa1b36ce8eeeb29426af850294b4550639a68839deae28de62
- SHA512
  
  fedd94c86ac0bb7a7c530ab9d9c27b70ed93866f2f92b77115d1b028949a7fb17ff0114fdbd2ecce39e4cb577f483307624cd1b0666ee3c6a34cdbaae44c824d
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2
- Target
  
  Robot.url
- Size
  
  116B
- MD5
  
  4127f6d4456cb4a5741f1f7fdc190f4d
- SHA1
  
  beca1b38b45110b651e833c7bd764840bf3c8e97
- SHA256
  
  6bd187e01ceda60cad3bce523deb489d7c45c8007c58715c10eeb2adab5c4c23
- SHA512
  
  43dac583ad53331ded9b9ab526b105ced84ff2ad678f72d6da04ae032ae45b8369dab4ae5464aa76212e2fcc7a1088d584b9fea8c774eba2902038f31d446112
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral3 behavioral4
- Target
  
  Thanks.vbs
- Size
  
  1KB
- MD5
  
  7d25b62d12494679ab5a8c8e0314bbc9
- SHA1
  
  1f127c1afe2f8d7ea39c2e9c8d3b505306c72364
- SHA256
  
  d707f9bcc12de7c30e61d7796a4681056ebbff7fe25d5276e05edf02859fd39a
- SHA512
  
  511968294dbb3018a7e97212997de9acd5389c2798eb6b3c509bce3f0d2b99d98c512632fe8a61a8b0cae81cd3da649f273fa1e08309d4708c0ba29324a0c667
Score

1^/10
behavioral5 behavioral6
- Target
  
  Trinity tools/Trinity tools.exe
- Size
  
  2.0MB
- MD5
  
  e7b2ec931a901deaf75675100c4ca218
- SHA1
  
  c21e278f5dd73d8d7fe40ed143b6bd0f422bcd2c
- SHA256
  
  6858f40193bfb7fb23c1454f39dc931cbd5ecdb7307e42b944b4efa4a3861f1a
- SHA512
  
  d8f125ef97d68414173cde8a47fc3206247061549a03fcd639f7befcf9052541f81e463884d954fa86a41143a7fae7436b2d7286648935cf97ab35669919c44d
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral7 behavioral8
- Target
  
  Web.url
- Size
  
  112B
- MD5
  
  8300fed4499cfe1a8f94ad0425349e75
- SHA1
  
  d411c1eb899fe1d23166c4cab33c24826d0e66c5
- SHA256
  
  485e77f2874750613546582c1afd7fd7d883b412a4054871c599bbe45d4a0da9
- SHA512
  
  feb7d73519d21e420cf3d13efb3eabedb07f7a0792f8a2b82fa1d18e38b6d1d2ad619f98f8cac863dd73106ac06db6acbb56a29372f71e0839b1703cddbfcfff
Score

6^/10

evasion trojan persistence
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral9 behavioral10

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

neshtapersistencespywarestealer

behavioral8

behavioral9

behavioral10