neshta | 257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b | Triage

Submit
Reports

Overview

overview

Static

static

257de83c92...3b.exe

windows7_x64

257de83c92...3b.exe

windows10-2004_x64

Sharing

General

Target

257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b
Size

752KB
Sample

220611-xk3qxacdbq
MD5

4804aaf4e145ed7f8b0d887e8a0793b9
SHA1

0c272ead9fe831b963ec876a4fa83a79e54df17b
SHA256

257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b
SHA512

2e5a76ad21f55bce72fed148b16ffdc38c62d04671d6bf6e81ce9f78b52d6559cd38ef9ff47382429ecb117ef4d261964ce134f3b2a65d6f3c643d5f73391923

Score

10^/10

neshta pony persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b.exe

Resource

win7-20220414-en

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b.exe

Resource

win10v2004-20220414-en

neshta persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

pony

C2

http://insightthk.com/pop8dot/gphs/gate.php

Attributes

payload_url
http://myp0nysite.ru/shit.exe

Targets

- Target
  
  257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b
- Size
  
  752KB
- MD5
  
  4804aaf4e145ed7f8b0d887e8a0793b9
- SHA1
  
  0c272ead9fe831b963ec876a4fa83a79e54df17b
- SHA256
  
  257de83c92eaf4d3388c2ef8a687fbcb1ab7fcfd6a4e1a96dfe98bfe9851293b
- SHA512
  
  2e5a76ad21f55bce72fed148b16ffdc38c62d04671d6bf6e81ce9f78b52d6559cd38ef9ff47382429ecb117ef4d261964ce134f3b2a65d6f3c643d5f73391923
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta Payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy