neshta | 4f57df5fe1ce4b9f041df491749bbe753413532f5b3ad1bebde0dde875c8e1d8 | Triage

Submit
Reports

Overview

overview

Static

static

4f57df5fe1...d8.exe

windows7-x64

4f57df5fe1...d8.exe

windows10-2004-x64

Sharing

General

Target

4f57df5fe1ce4b9f041df491749bbe753413532f5b3ad1bebde0dde875c8e1d8
Size

1.6MB
Sample

220720-cteefsagf7
MD5

7ab65a9a62aea5234719ab05a3717ac4
SHA1

4e5f247e833915b0cd7437885a165650d745bec1
SHA256

4f57df5fe1ce4b9f041df491749bbe753413532f5b3ad1bebde0dde875c8e1d8
SHA512

1fa7df766d55636582ae4c6d472b9601016ee3d4adba7cfaded10b28898fed063dd2cbba2bd87fd85204cde171c2c77fa03275c03065410821f638ce44fbd8fb

Score

10^/10

neshta persistence spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4f57df5fe1ce4b9f041df491749bbe753413532f5b3ad1bebde0dde875c8e1d8.exe

Resource

win7-20220715-en

neshta persistence spyware stealer upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

4f57df5fe1ce4b9f041df491749bbe753413532f5b3ad1bebde0dde875c8e1d8.exe

Resource

win10v2004-20220718-en

neshta persistence spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4f57df5fe1ce4b9f041df491749bbe753413532f5b3ad1bebde0dde875c8e1d8
- Size
  
  1.6MB
- MD5
  
  7ab65a9a62aea5234719ab05a3717ac4
- SHA1
  
  4e5f247e833915b0cd7437885a165650d745bec1
- SHA256
  
  4f57df5fe1ce4b9f041df491749bbe753413532f5b3ad1bebde0dde875c8e1d8
- SHA512
  
  1fa7df766d55636582ae4c6d472b9601016ee3d4adba7cfaded10b28898fed063dd2cbba2bd87fd85204cde171c2c77fa03275c03065410821f638ce44fbd8fb
Score

10^/10

neshta persistence spyware stealer upx
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealerupx

behavioral2

neshtapersistencespywarestealerupx

© 2018-2024

Terms | Privacy