neshta | 12cff533a10287ac7ce9b05c0b0d74d0e25333b38963395f47683a55301fe8cd | Triage

Sharing

General

Target

12cff533a10287ac7ce9b05c0b0d74d0e25333b38963395f47683a55301fe8cd
Size

40KB
Sample

221118-2djfxaeg81
MD5

08700ee4c0842454caff8cc3c04fabc6
SHA1

cd19c1364f80bd20918f4e47661433120ebcecf3
SHA256

12cff533a10287ac7ce9b05c0b0d74d0e25333b38963395f47683a55301fe8cd
SHA512

8cf5170796401d0f5210e80e4b4e1660db527f06e07a65c8081d50f9df00536fea3576e545e394db8d8bd9ba1047ba7af3e538e2ee1ffac3426afc2c24995af9
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJUWzD:JxqjQ+P04wsmJCvO

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  12cff533a10287ac7ce9b05c0b0d74d0e25333b38963395f47683a55301fe8cd
- Size
  
  40KB
- MD5
  
  08700ee4c0842454caff8cc3c04fabc6
- SHA1
  
  cd19c1364f80bd20918f4e47661433120ebcecf3
- SHA256
  
  12cff533a10287ac7ce9b05c0b0d74d0e25333b38963395f47683a55301fe8cd
- SHA512
  
  8cf5170796401d0f5210e80e4b4e1660db527f06e07a65c8081d50f9df00536fea3576e545e394db8d8bd9ba1047ba7af3e538e2ee1ffac3426afc2c24995af9
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJUWzD:JxqjQ+P04wsmJCvO
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware