neshta | 3bccc3e05a7897bce99164d6dd825bdf03898d728b5dfded8cac4acff99edc93 | Triage

Sharing

General

Target

3bccc3e05a7897bce99164d6dd825bdf03898d728b5dfded8cac4acff99edc93
Size

40KB
Sample

221119-3b3x7sfb88
MD5

3447ff0150d11b2d375bd5c7d76393b1
SHA1

1b97811d69cea97b421b32167bd53e26e19a1fc4
SHA256

3bccc3e05a7897bce99164d6dd825bdf03898d728b5dfded8cac4acff99edc93
SHA512

3c483af90e96025f32319c9b09cd5d30fe2a27023fd7756f3f2430673c124aecf416178fe837581aed128dc588b03e999c4d3aee25a1e1022f715c8a27f81ac8
SSDEEP

768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJ:yxqjQ+P04wsZLnDrC

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  3bccc3e05a7897bce99164d6dd825bdf03898d728b5dfded8cac4acff99edc93
- Size
  
  40KB
- MD5
  
  3447ff0150d11b2d375bd5c7d76393b1
- SHA1
  
  1b97811d69cea97b421b32167bd53e26e19a1fc4
- SHA256
  
  3bccc3e05a7897bce99164d6dd825bdf03898d728b5dfded8cac4acff99edc93
- SHA512
  
  3c483af90e96025f32319c9b09cd5d30fe2a27023fd7756f3f2430673c124aecf416178fe837581aed128dc588b03e999c4d3aee25a1e1022f715c8a27f81ac8
- SSDEEP
  
  768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJ:yxqjQ+P04wsZLnDrC
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer