neshta | a0f58dfad35fba533947608d4e833562ef00f9792e0fa07e514be537d620ab83 | Triage

Sharing

General

Target

a0f58dfad35fba533947608d4e833562ef00f9792e0fa07e514be537d620ab83
Size

40KB
Sample

221030-3cnvnsfdel
MD5

a0a7d29cc4052f75c9018aca6ec773c0
SHA1

7d1f21ca0a03906aa3ac31253db4bf325c903f6d
SHA256

a0f58dfad35fba533947608d4e833562ef00f9792e0fa07e514be537d620ab83
SHA512

7eb155ff02c34dfc5fa78ebec1e63cb439a8fe559178a53171944e937073d061a88d65159b2b7cfe9b1c958260b52021b38305b6b13bb2777b03953e4adf3fb5
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ18eH:JxqjQ+P04wsmJCu

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  a0f58dfad35fba533947608d4e833562ef00f9792e0fa07e514be537d620ab83
- Size
  
  40KB
- MD5
  
  a0a7d29cc4052f75c9018aca6ec773c0
- SHA1
  
  7d1f21ca0a03906aa3ac31253db4bf325c903f6d
- SHA256
  
  a0f58dfad35fba533947608d4e833562ef00f9792e0fa07e514be537d620ab83
- SHA512
  
  7eb155ff02c34dfc5fa78ebec1e63cb439a8fe559178a53171944e937073d061a88d65159b2b7cfe9b1c958260b52021b38305b6b13bb2777b03953e4adf3fb5
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ18eH:JxqjQ+P04wsmJCu
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer