neshta | 24131e983968075f369f65d54402198d7808385a0f6ee3833798bf16679cc0f2 | Triage

Submit
Reports

Overview

overview

Static

static

24131e9839...f2.exe

windows7-x64

24131e9839...f2.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

24131e983968075f369f65d54402198d7808385a0f6ee3833798bf16679cc0f2
Size

1.2MB
Sample

221020-py6qqaecc5
MD5

96c2053792142e99d7738643b20da3f0
SHA1

81bb3ae7ce8fae497b48ba6c72a369d1b4848b8d
SHA256

24131e983968075f369f65d54402198d7808385a0f6ee3833798bf16679cc0f2
SHA512

23b2a97f3edb336772b016965786e54236080509ad00ac5171c7adb259dcbf87cdda2c09e1da96239e379f84203a9a40a57891d3b007562ba5df8fd028b72fdb
SSDEEP

24576:QXS9pRrSYDdUSk2cg0zcOwkBD69T3mmdXArkm:VpR+YDNcg0zjB4T39Arkm

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

24131e983968075f369f65d54402198d7808385a0f6ee3833798bf16679cc0f2.exe

Resource

win7-20220901-en

neshta persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

24131e983968075f369f65d54402198d7808385a0f6ee3833798bf16679cc0f2.exe

Resource

win10v2004-20220812-en

neshta persistence spyware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  24131e983968075f369f65d54402198d7808385a0f6ee3833798bf16679cc0f2
- Size
  
  1.2MB
- MD5
  
  96c2053792142e99d7738643b20da3f0
- SHA1
  
  81bb3ae7ce8fae497b48ba6c72a369d1b4848b8d
- SHA256
  
  24131e983968075f369f65d54402198d7808385a0f6ee3833798bf16679cc0f2
- SHA512
  
  23b2a97f3edb336772b016965786e54236080509ad00ac5171c7adb259dcbf87cdda2c09e1da96239e379f84203a9a40a57891d3b007562ba5df8fd028b72fdb
- SSDEEP
  
  24576:QXS9pRrSYDdUSk2cg0zcOwkBD69T3mmdXArkm:VpR+YDNcg0zjB4T39Arkm
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware

© 2018-2025

Terms | Privacy