neshta | da198563553626283f2ef0d2e10228f02a5becd2b988bf833ad2af3a301fbe6d | Triage

Submit
Reports

Overview

overview

Static

static

da19856355...6d.exe

windows7-x64

da19856355...6d.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

da198563553626283f2ef0d2e10228f02a5becd2b988bf833ad2af3a301fbe6d
Size

2.2MB
Sample

221011-pmw25sdhd6
MD5

6ed2d62634ee34e6508fc3b5f4a6f5a2
SHA1

57eae1c641986e8ecc3c9e1d868f2090e7c09d4a
SHA256

da198563553626283f2ef0d2e10228f02a5becd2b988bf833ad2af3a301fbe6d
SHA512

a4cd7198df0ff8cabc57d16d386a6ffb81ce23fb3df5f68e223b1c59e6910c1d6fcf1f7390c5706da28a8c7882e3868a79aa97a3ff3809f6eb5bd7b327994529
SSDEEP

24576:iW4ACGKuql91OaNxRyZG8aiu/Hihy67pCXnJvsp9okJVXHWQZRVxZJkJi5INi177:igCGKEE4y6EyJXPKA7wl/o

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

da198563553626283f2ef0d2e10228f02a5becd2b988bf833ad2af3a301fbe6d.exe

Resource

win7-20220812-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

da198563553626283f2ef0d2e10228f02a5becd2b988bf833ad2af3a301fbe6d.exe

Resource

win10v2004-20220901-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  da198563553626283f2ef0d2e10228f02a5becd2b988bf833ad2af3a301fbe6d
- Size
  
  2.2MB
- MD5
  
  6ed2d62634ee34e6508fc3b5f4a6f5a2
- SHA1
  
  57eae1c641986e8ecc3c9e1d868f2090e7c09d4a
- SHA256
  
  da198563553626283f2ef0d2e10228f02a5becd2b988bf833ad2af3a301fbe6d
- SHA512
  
  a4cd7198df0ff8cabc57d16d386a6ffb81ce23fb3df5f68e223b1c59e6910c1d6fcf1f7390c5706da28a8c7882e3868a79aa97a3ff3809f6eb5bd7b327994529
- SSDEEP
  
  24576:iW4ACGKuql91OaNxRyZG8aiu/Hihy67pCXnJvsp9okJVXHWQZRVxZJkJi5INi177:igCGKEE4y6EyJXPKA7wl/o
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2025

Terms | Privacy