neshta | e0822a7cc568101a8975702d7ec1a5d7da04a59fbabbcad3407ead155b2c06f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0822a7cc568101a8975702d7ec1a5d7da04a59fbabbcad3407ead155b2c06f3
Size

40KB
Sample

221021-an3hzschg9
MD5

5529eab92c304833afe31a194f2b885b
SHA1

a1abd069cc86c132ce5bb8d7f96657dc5cfeb347
SHA256

e0822a7cc568101a8975702d7ec1a5d7da04a59fbabbcad3407ead155b2c06f3
SHA512

c81456811a8bc9a43e297f227e695ad9a79e45d4000d2c20d7a1df4d78839c7f78e05365aaa986224d8cdaece83cd9b3da046e78b72ce143a941435cf03658d5
SSDEEP

768:FyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJirXv:kxqjQ+P04wsZLnDrCn

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  e0822a7cc568101a8975702d7ec1a5d7da04a59fbabbcad3407ead155b2c06f3
- Size
  
  40KB
- MD5
  
  5529eab92c304833afe31a194f2b885b
- SHA1
  
  a1abd069cc86c132ce5bb8d7f96657dc5cfeb347
- SHA256
  
  e0822a7cc568101a8975702d7ec1a5d7da04a59fbabbcad3407ead155b2c06f3
- SHA512
  
  c81456811a8bc9a43e297f227e695ad9a79e45d4000d2c20d7a1df4d78839c7f78e05365aaa986224d8cdaece83cd9b3da046e78b72ce143a941435cf03658d5
- SSDEEP
  
  768:FyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJirXv:kxqjQ+P04wsZLnDrCn
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer