neshta | de383e21f27c56d7ea0d86514c2ffe4c9fc870be4e8f7093d24e4539dd952586 | Triage

Sharing

General

Target

de383e21f27c56d7ea0d86514c2ffe4c9fc870be4e8f7093d24e4539dd952586
Size

40KB
Sample

221119-3bva3aad9z
MD5

3573aa95336907b81606f2b0571ba991
SHA1

4bec287fe68243bb8864b5f696ecf55e710e6b0e
SHA256

de383e21f27c56d7ea0d86514c2ffe4c9fc870be4e8f7093d24e4539dd952586
SHA512

0254cd7e944d104539efd1badbb35481bdde221a085ed92d07b60129df792065dabcc82b01a2128eda3dcba9cc6b23b2d4c2d1e182af1c3a45344f03c5a4ffbf
SSDEEP

768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJt0Dg1L:yxqjQ+P04wsZLnDrCVk9

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  de383e21f27c56d7ea0d86514c2ffe4c9fc870be4e8f7093d24e4539dd952586
- Size
  
  40KB
- MD5
  
  3573aa95336907b81606f2b0571ba991
- SHA1
  
  4bec287fe68243bb8864b5f696ecf55e710e6b0e
- SHA256
  
  de383e21f27c56d7ea0d86514c2ffe4c9fc870be4e8f7093d24e4539dd952586
- SHA512
  
  0254cd7e944d104539efd1badbb35481bdde221a085ed92d07b60129df792065dabcc82b01a2128eda3dcba9cc6b23b2d4c2d1e182af1c3a45344f03c5a4ffbf
- SSDEEP
  
  768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJt0Dg1L:yxqjQ+P04wsZLnDrCVk9
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer