neshta | de0d9d375c0fbfbb0efe538b46148cc113eacad6cb2b02fd70fa034fc3505906 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de0d9d375c0fbfbb0efe538b46148cc113eacad6cb2b02fd70fa034fc3505906
Size

554KB
Sample

221003-yf5kdadae4
MD5

3c03b064689d40dfaf3e59309c900680
SHA1

0affe674a97e29e2312b987335e08bf8b43fab49
SHA256

de0d9d375c0fbfbb0efe538b46148cc113eacad6cb2b02fd70fa034fc3505906
SHA512

291cfc7ec06c81d7d8749714710ee35d975ba786110e0b88fb7fe777a387267965ceaa0e26880206d66a916fe8b5b22584118d1e392de9c3f66878f728afa950
SSDEEP

12288:pA3DvE1NyDtee5MOggiLtpBVFAMPX229jKC88y7gNvIKL:a3Ds1wz6tpHFL9jn88y7giKL

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  de0d9d375c0fbfbb0efe538b46148cc113eacad6cb2b02fd70fa034fc3505906
- Size
  
  554KB
- MD5
  
  3c03b064689d40dfaf3e59309c900680
- SHA1
  
  0affe674a97e29e2312b987335e08bf8b43fab49
- SHA256
  
  de0d9d375c0fbfbb0efe538b46148cc113eacad6cb2b02fd70fa034fc3505906
- SHA512
  
  291cfc7ec06c81d7d8749714710ee35d975ba786110e0b88fb7fe777a387267965ceaa0e26880206d66a916fe8b5b22584118d1e392de9c3f66878f728afa950
- SSDEEP
  
  12288:pA3DvE1NyDtee5MOggiLtpBVFAMPX229jKC88y7gNvIKL:a3Ds1wz6tpHFL9jn88y7giKL
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer