neshta | c97ccad2e2edf8d8be2aa91082656de78d9f23d121a24f9837e65e3c3fb59c7d | Triage

Sharing

General

Target

c97ccad2e2edf8d8be2aa91082656de78d9f23d121a24f9837e65e3c3fb59c7d
Size

40KB
Sample

221119-3bvltsad91
MD5

47b180ca0fa9318e49de99fbf0127d72
SHA1

c2352e92bf6f087f7c3c25a03fd853384bb1a973
SHA256

c97ccad2e2edf8d8be2aa91082656de78d9f23d121a24f9837e65e3c3fb59c7d
SHA512

f61df5374db4ddc6cf7ac9a9699c9ee77f130b1730d35598e33a3f2208c0520bf30366b99c647a872c046caba774ec17e2ea1f96c2f8d91f1c90a132760d6e4f
SSDEEP

768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJaGM:yxqjQ+P04wsZLnDrCv

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  c97ccad2e2edf8d8be2aa91082656de78d9f23d121a24f9837e65e3c3fb59c7d
- Size
  
  40KB
- MD5
  
  47b180ca0fa9318e49de99fbf0127d72
- SHA1
  
  c2352e92bf6f087f7c3c25a03fd853384bb1a973
- SHA256
  
  c97ccad2e2edf8d8be2aa91082656de78d9f23d121a24f9837e65e3c3fb59c7d
- SHA512
  
  f61df5374db4ddc6cf7ac9a9699c9ee77f130b1730d35598e33a3f2208c0520bf30366b99c647a872c046caba774ec17e2ea1f96c2f8d91f1c90a132760d6e4f
- SSDEEP
  
  768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJaGM:yxqjQ+P04wsZLnDrCv
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer