neshta | 03974d45a77e3b35dc461c99641ac9ebce979bbdbe2477b1909ff383dfcf764e | Triage

Submit
Reports

Overview

overview

Static

static

03974d45a7...4e.exe

windows7-x64

03974d45a7...4e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

03974d45a77e3b35dc461c99641ac9ebce979bbdbe2477b1909ff383dfcf764e
Size

349KB
Sample

221002-yywp7aadhn
MD5

71cb7741943752d257d4f04edb0d81ce
SHA1

a8b12e13b180e6c651885d49885201d75dfaadcb
SHA256

03974d45a77e3b35dc461c99641ac9ebce979bbdbe2477b1909ff383dfcf764e
SHA512

10c527a0c6e2c93c9714578494b6a8ef9f03fe2dfe1c0b56666d065a4d8cc21469b2fd0c8c600f73e72038638cd7407f9cfa378a8d7f518e961d1089afb6dd67
SSDEEP

6144:k9rH43aNQkwiRVf8R5mMsqzlGoSWCw6BLydL5O4++s++j++/++S++WMa6pF430Zn:qjwcZ8RtsYGoSlwAe95VVpak

Score

10^/10

neshta evasion persistence spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

03974d45a77e3b35dc461c99641ac9ebce979bbdbe2477b1909ff383dfcf764e.exe

Resource

win7-20220812-en

neshta evasion persistence spyware stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

03974d45a77e3b35dc461c99641ac9ebce979bbdbe2477b1909ff383dfcf764e.exe

Resource

win10v2004-20220812-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  03974d45a77e3b35dc461c99641ac9ebce979bbdbe2477b1909ff383dfcf764e
- Size
  
  349KB
- MD5
  
  71cb7741943752d257d4f04edb0d81ce
- SHA1
  
  a8b12e13b180e6c651885d49885201d75dfaadcb
- SHA256
  
  03974d45a77e3b35dc461c99641ac9ebce979bbdbe2477b1909ff383dfcf764e
- SHA512
  
  10c527a0c6e2c93c9714578494b6a8ef9f03fe2dfe1c0b56666d065a4d8cc21469b2fd0c8c600f73e72038638cd7407f9cfa378a8d7f518e961d1089afb6dd67
- SSDEEP
  
  6144:k9rH43aNQkwiRVf8R5mMsqzlGoSWCw6BLydL5O4++s++j++/++S++WMa6pF430Zn:qjwcZ8RtsYGoSlwAe95VVpak
Score

10^/10

neshta evasion persistence spyware stealer trojan upx
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtaevasionpersistencespywarestealertrojanupx

behavioral2

neshtapersistencespywarestealer

© 2018-2025

Terms | Privacy