neshta | 4d836a743dfa0064fed53622de6f0d0a990ebf35957b8bfb67dd384ad73a7b28 | Triage

Submit
Reports

Overview

overview

Static

static

4d836a743d...28.exe

windows7_x64

4d836a743d...28.exe

windows10-2004_x64

Sharing

General

Target

4d836a743dfa0064fed53622de6f0d0a990ebf35957b8bfb67dd384ad73a7b28
Size

177KB
Sample

220625-gn2p1sgegl
MD5

0b3311a35922047e9bdaaddefb53271f
SHA1

815af9f735dd4ceca67e54d3c755513b4dc263a1
SHA256

4d836a743dfa0064fed53622de6f0d0a990ebf35957b8bfb67dd384ad73a7b28
SHA512

ccc694e8b68a3919ca58dd9aca80b46c62c4b54934711155871bb391ab18ff4aa1ee400b48373bca31d303450e6d5700662c4844d1a28d080854847d034f4872

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

4d836a743dfa0064fed53622de6f0d0a990ebf35957b8bfb67dd384ad73a7b28.exe

Resource

win7-20220414-en

neshta persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4d836a743dfa0064fed53622de6f0d0a990ebf35957b8bfb67dd384ad73a7b28.exe

Resource

win10v2004-20220414-en

neshta persistence spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4d836a743dfa0064fed53622de6f0d0a990ebf35957b8bfb67dd384ad73a7b28
- Size
  
  177KB
- MD5
  
  0b3311a35922047e9bdaaddefb53271f
- SHA1
  
  815af9f735dd4ceca67e54d3c755513b4dc263a1
- SHA256
  
  4d836a743dfa0064fed53622de6f0d0a990ebf35957b8bfb67dd384ad73a7b28
- SHA512
  
  ccc694e8b68a3919ca58dd9aca80b46c62c4b54934711155871bb391ab18ff4aa1ee400b48373bca31d303450e6d5700662c4844d1a28d080854847d034f4872
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy