neshta | 216fa369774dd554fc536556999893572f27e54457c6b52c763893ce892bb7fe | Triage

Submit
Reports

Overview

overview

Static

static

216fa36977...fe.exe

windows7-x64

216fa36977...fe.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

216fa369774dd554fc536556999893572f27e54457c6b52c763893ce892bb7fe
Size

96KB
Sample

221002-fpa31sahdq
MD5

67bd3277b2a10f1976ca8302b792b190
SHA1

45fedd8df546c024a68193ff6ec565514724a916
SHA256

216fa369774dd554fc536556999893572f27e54457c6b52c763893ce892bb7fe
SHA512

db55fa1dd32e437b23a4963617f5b285a0c930c745c61874600934bedfb164a12f8003e57b1c4ed5406d1c8d10a38ddb006b795cccdbdd0c40dbd2ed05bbbfbc
SSDEEP

1536:JxqjQ+P04wsmJC0O8JaxELQGmA73dhfp:sr85C+DLQtA7Nhp

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

216fa369774dd554fc536556999893572f27e54457c6b52c763893ce892bb7fe.exe

Resource

win7-20220812-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

216fa369774dd554fc536556999893572f27e54457c6b52c763893ce892bb7fe.exe

Resource

win10v2004-20220812-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  216fa369774dd554fc536556999893572f27e54457c6b52c763893ce892bb7fe
- Size
  
  96KB
- MD5
  
  67bd3277b2a10f1976ca8302b792b190
- SHA1
  
  45fedd8df546c024a68193ff6ec565514724a916
- SHA256
  
  216fa369774dd554fc536556999893572f27e54457c6b52c763893ce892bb7fe
- SHA512
  
  db55fa1dd32e437b23a4963617f5b285a0c930c745c61874600934bedfb164a12f8003e57b1c4ed5406d1c8d10a38ddb006b795cccdbdd0c40dbd2ed05bbbfbc
- SSDEEP
  
  1536:JxqjQ+P04wsmJC0O8JaxELQGmA73dhfp:sr85C+DLQtA7Nhp
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2025

Terms | Privacy