neshta | 06615aa82fc1f22d638441677ad10d2d311ce652d52abd96618e4f47766e6727 | Triage

Submit
Reports

Overview

overview

Static

static

06615aa82f...27.exe

windows7-x64

06615aa82f...27.exe

windows10-2004-x64

Sharing

General

Target

06615aa82fc1f22d638441677ad10d2d311ce652d52abd96618e4f47766e6727
Size

776KB
Sample

221119-3c3zlafc42
MD5

269c60d04d600ad46c365a3ae4c48880
SHA1

5658cf6ad38bb3fcc8fb8a6e827b1fa3cde38626
SHA256

06615aa82fc1f22d638441677ad10d2d311ce652d52abd96618e4f47766e6727
SHA512

ddb63d99a8059da1e4f165829d41b852d79b16731d268ab4e4c1ab18f9673b2f4d962618747e9f5f0f0cda8ba1e82a0929526418554165e9694163a55408a028
SSDEEP

6144:k9XXjWsbG9zng8ULQa3AlXjWsbG9zng8ULQa3AMr:2XjWsb0znha3KXjWsb0znha3r

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

06615aa82fc1f22d638441677ad10d2d311ce652d52abd96618e4f47766e6727.exe

Resource

win7-20220812-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

06615aa82fc1f22d638441677ad10d2d311ce652d52abd96618e4f47766e6727.exe

Resource

win10v2004-20221111-en

neshta persistence spyware

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  06615aa82fc1f22d638441677ad10d2d311ce652d52abd96618e4f47766e6727
- Size
  
  776KB
- MD5
  
  269c60d04d600ad46c365a3ae4c48880
- SHA1
  
  5658cf6ad38bb3fcc8fb8a6e827b1fa3cde38626
- SHA256
  
  06615aa82fc1f22d638441677ad10d2d311ce652d52abd96618e4f47766e6727
- SHA512
  
  ddb63d99a8059da1e4f165829d41b852d79b16731d268ab4e4c1ab18f9673b2f4d962618747e9f5f0f0cda8ba1e82a0929526418554165e9694163a55408a028
- SSDEEP
  
  6144:k9XXjWsbG9zng8ULQa3AlXjWsbG9zng8ULQa3AMr:2XjWsb0znha3KXjWsb0znha3r
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware

© 2018-2024

Terms | Privacy