neshta | 8196488884068411be672639c7ae161a22a82c347c0b7c4048e0a4ad131e4f07 | Triage

Submit
Reports

Overview

overview

Static

static

8196488884...07.exe

windows7_x64

8196488884...07.exe

windows10-2004_x64

Sharing

General

Target

8196488884068411be672639c7ae161a22a82c347c0b7c4048e0a4ad131e4f07
Size

4.2MB
Sample

220625-v7ld2afhe4
MD5

9f5faf58d19a9f2e2cb26d5b1ad90629
SHA1

732c8478d1b29abc2e72bd1b40f58dacfa2c52a9
SHA256

8196488884068411be672639c7ae161a22a82c347c0b7c4048e0a4ad131e4f07
SHA512

630292dc568e15de8332caf0dcd3b54e411f113489d260e3d584881e15085e5f2a4a210cf862a4f13576d36adb26184a593f12cdf14e7caf782b8d26e3a74aeb

Score

10^/10

neshta evasion persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

8196488884068411be672639c7ae161a22a82c347c0b7c4048e0a4ad131e4f07.exe

Resource

win7-20220414-en

neshta evasion persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8196488884068411be672639c7ae161a22a82c347c0b7c4048e0a4ad131e4f07.exe

Resource

win10v2004-20220414-en

neshta evasion persistence spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8196488884068411be672639c7ae161a22a82c347c0b7c4048e0a4ad131e4f07
- Size
  
  4.2MB
- MD5
  
  9f5faf58d19a9f2e2cb26d5b1ad90629
- SHA1
  
  732c8478d1b29abc2e72bd1b40f58dacfa2c52a9
- SHA256
  
  8196488884068411be672639c7ae161a22a82c347c0b7c4048e0a4ad131e4f07
- SHA512
  
  630292dc568e15de8332caf0dcd3b54e411f113489d260e3d584881e15085e5f2a4a210cf862a4f13576d36adb26184a593f12cdf14e7caf782b8d26e3a74aeb
Score

10^/10

neshta evasion persistence spyware
- Detect Neshta Payload
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtaevasionpersistencespyware

behavioral2

neshtaevasionpersistencespyware

© 2018-2024

Terms | Privacy