neshta | f453ddee13f6c253a6371d4cf5a7eeabc422ec20648f3cff59bd83d09f419da0 | Triage

Sharing

General

Target

f453ddee13f6c253a6371d4cf5a7eeabc422ec20648f3cff59bd83d09f419da0
Size

359KB
Sample

221119-3bsr8sfb78
MD5

1450bc93ed21158c31c518cd9162e500
SHA1

b61b9cf8e942d4f77e8ba83b8bec539c6c12e0bc
SHA256

f453ddee13f6c253a6371d4cf5a7eeabc422ec20648f3cff59bd83d09f419da0
SHA512

8606dc663914d87f5e1a954e3cda69ac57aaf4a537a273f08808dca9b33539f2787516183cf27022130981c656b399e41e4d346f6c01a260a10e004ac90cfb6d
SSDEEP

6144:PudtYabOmaEa1r3JHHwe3PfcKrKywz/0K9fqUme9fqUm3:8YaSrYWdGyS0K9fqs9fqx

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  f453ddee13f6c253a6371d4cf5a7eeabc422ec20648f3cff59bd83d09f419da0
- Size
  
  359KB
- MD5
  
  1450bc93ed21158c31c518cd9162e500
- SHA1
  
  b61b9cf8e942d4f77e8ba83b8bec539c6c12e0bc
- SHA256
  
  f453ddee13f6c253a6371d4cf5a7eeabc422ec20648f3cff59bd83d09f419da0
- SHA512
  
  8606dc663914d87f5e1a954e3cda69ac57aaf4a537a273f08808dca9b33539f2787516183cf27022130981c656b399e41e4d346f6c01a260a10e004ac90cfb6d
- SSDEEP
  
  6144:PudtYabOmaEa1r3JHHwe3PfcKrKywz/0K9fqUme9fqUm3:8YaSrYWdGyS0K9fqs9fqx
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer