neshta | 1423e8c23f4a7061d28daf43b69fd2b2bfdd49f694b79dd2438c40dbbc4370cb | Triage

Submit
Reports

Overview

overview

Static

static

1423e8c23f...cb.exe

windows7_x64

1423e8c23f...cb.exe

windows10-2004_x64

Sharing

General

Target

1423e8c23f4a7061d28daf43b69fd2b2bfdd49f694b79dd2438c40dbbc4370cb
Size

465KB
Sample

220603-celj8aabbk
MD5

ca6fe59945cf7d7ab411ec47fad20c80
SHA1

92aa2e90a9368496193b052be0cd3c6e266e0663
SHA256

1423e8c23f4a7061d28daf43b69fd2b2bfdd49f694b79dd2438c40dbbc4370cb
SHA512

7ca4130dc0a53cfd6e3ef7670befc9d00dab64e3e1f9a20d5bd5b8178ea41f71601972711175db1169401d71611157b652bd011fed283ecad54fd98e3f53ebca

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

1423e8c23f4a7061d28daf43b69fd2b2bfdd49f694b79dd2438c40dbbc4370cb.exe

Resource

win7-20220414-en

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1423e8c23f4a7061d28daf43b69fd2b2bfdd49f694b79dd2438c40dbbc4370cb.exe

Resource

win10v2004-20220414-en

neshta persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1423e8c23f4a7061d28daf43b69fd2b2bfdd49f694b79dd2438c40dbbc4370cb
- Size
  
  465KB
- MD5
  
  ca6fe59945cf7d7ab411ec47fad20c80
- SHA1
  
  92aa2e90a9368496193b052be0cd3c6e266e0663
- SHA256
  
  1423e8c23f4a7061d28daf43b69fd2b2bfdd49f694b79dd2438c40dbbc4370cb
- SHA512
  
  7ca4130dc0a53cfd6e3ef7670befc9d00dab64e3e1f9a20d5bd5b8178ea41f71601972711175db1169401d71611157b652bd011fed283ecad54fd98e3f53ebca
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy