neshta | 4778cec502ccaa5cf16e392014e15d64850a1763deee8119330ce36e8ae52b2a | Triage

Submit
Reports

Overview

overview

Static

static

ACCOUNT GENERATOR.exe

windows7-x64

ACCOUNT GENERATOR.exe

windows10-1703-x64

ACCOUNT GENERATOR.exe

windows10-2004-x64

ACCOUNT GENERATOR.exe

windows11-21h2-x64

Sharing

General

Target

ACCOUNT GENERATOR.exe
Size

3.0MB
Sample

220729-h5htxagaen
MD5

388f954be4a49039feceb74e7ee808c0
SHA1

8fa19b3757c5784f813a569e39f0c82214bcaa40
SHA256

4778cec502ccaa5cf16e392014e15d64850a1763deee8119330ce36e8ae52b2a
SHA512

74199d17ae62506677d5c71e555429d70243a0761d886c1beb10415be3005ff2211392e5c7d7b32f2c842bc71d9a3fc3221f1a5ac5b43ac68c8fbf84a8d0133c

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ACCOUNT GENERATOR.exe

Resource

win7-20220718-en

neshta persistence spyware stealer

windows7-x64

17 signatures

30 seconds

Behavioral task

behavioral2

Sample

ACCOUNT GENERATOR.exe

Resource

win10-20220722-en

neshta persistence spyware stealer

windows10-1703-x64

15 signatures

30 seconds

Behavioral task

behavioral3

Sample

ACCOUNT GENERATOR.exe

Resource

win10v2004-20220721-en

neshta persistence spyware stealer

windows10-2004-x64

14 signatures

30 seconds

Behavioral task

behavioral4

Sample

ACCOUNT GENERATOR.exe

Resource

win11-20220223-en

windows11-21h2-x64

0 signatures

30 seconds

Malware Config

Targets

- Target
  
  ACCOUNT GENERATOR.exe
- Size
  
  3.0MB
- MD5
  
  388f954be4a49039feceb74e7ee808c0
- SHA1
  
  8fa19b3757c5784f813a569e39f0c82214bcaa40
- SHA256
  
  4778cec502ccaa5cf16e392014e15d64850a1763deee8119330ce36e8ae52b2a
- SHA512
  
  74199d17ae62506677d5c71e555429d70243a0761d886c1beb10415be3005ff2211392e5c7d7b32f2c842bc71d9a3fc3221f1a5ac5b43ac68c8fbf84a8d0133c
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

behavioral3

neshtapersistencespywarestealer

behavioral4

© 2018-2024

Terms | Privacy