neshta | e6374204e55ceb79701034afb0f993e9b9903db379a4714f26cc0aa6e6f15a4d | Triage

Submit
Reports

Overview

overview

Static

static

e6374204e5...4d.exe

windows7-x64

e6374204e5...4d.exe

windows10-2004-x64

Sharing

General

Target

e6374204e55ceb79701034afb0f993e9b9903db379a4714f26cc0aa6e6f15a4d
Size

216KB
Sample

221001-wjsc4saecl
MD5

73853da13edec5a9d75216bdbb03843b
SHA1

70e2c7d19adf42511780deac1c39d73b488764d0
SHA256

e6374204e55ceb79701034afb0f993e9b9903db379a4714f26cc0aa6e6f15a4d
SHA512

140dadcd6a175df9a124d36013de2128fc6cd39788f3947f0a04a5d277df15ebfae5b4534ef2045315eadbf8568090dcd428bf8c114381f9ff3155271b306851
SSDEEP

3072:sr85CxOQWc4KPUteztZ72zXYbe2VhwSQYGPvI4534EFHiqqYEFHksJ:k9xHxRv7NyKl6pp9wpkg

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e6374204e55ceb79701034afb0f993e9b9903db379a4714f26cc0aa6e6f15a4d.exe

Resource

win7-20220812-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6374204e55ceb79701034afb0f993e9b9903db379a4714f26cc0aa6e6f15a4d.exe

Resource

win10v2004-20220901-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e6374204e55ceb79701034afb0f993e9b9903db379a4714f26cc0aa6e6f15a4d
- Size
  
  216KB
- MD5
  
  73853da13edec5a9d75216bdbb03843b
- SHA1
  
  70e2c7d19adf42511780deac1c39d73b488764d0
- SHA256
  
  e6374204e55ceb79701034afb0f993e9b9903db379a4714f26cc0aa6e6f15a4d
- SHA512
  
  140dadcd6a175df9a124d36013de2128fc6cd39788f3947f0a04a5d277df15ebfae5b4534ef2045315eadbf8568090dcd428bf8c114381f9ff3155271b306851
- SSDEEP
  
  3072:sr85CxOQWc4KPUteztZ72zXYbe2VhwSQYGPvI4534EFHiqqYEFHksJ:k9xHxRv7NyKl6pp9wpkg
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy