neshta | fd8ecb99ecee0d54565a781a729ee7ad19203a5105820981d5e818c45d09f82f | Triage

Submit
Reports

Overview

overview

Static

static

LIZ.exe

windows7_x64

LIZ.exe

windows10-2004_x64

Sharing

General

Target

LIZ.bin
Size

86KB
Sample

220623-xs7ptsegfl
MD5

208325c2e57a7d0c51d5b0ad2d7d8248
SHA1

2bfb81ff22483ddf16e0cd792f3cdc26799b0c3a
SHA256

fd8ecb99ecee0d54565a781a729ee7ad19203a5105820981d5e818c45d09f82f
SHA512

b8edb0a68dbc685a1b9bc99e83067fa6b69a0650decf1a189e405a61dc7fc192b36d2e6a51b7695069d3f31a794219a7816609ca6602c24e4d04cd3d699ceaa9

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

LIZ.exe

Resource

win7-20220414-en

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

LIZ.exe

Resource

win10v2004-20220414-en

neshta persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  LIZ.bin
- Size
  
  86KB
- MD5
  
  208325c2e57a7d0c51d5b0ad2d7d8248
- SHA1
  
  2bfb81ff22483ddf16e0cd792f3cdc26799b0c3a
- SHA256
  
  fd8ecb99ecee0d54565a781a729ee7ad19203a5105820981d5e818c45d09f82f
- SHA512
  
  b8edb0a68dbc685a1b9bc99e83067fa6b69a0650decf1a189e405a61dc7fc192b36d2e6a51b7695069d3f31a794219a7816609ca6602c24e4d04cd3d699ceaa9
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy