neshta | 73e3ecac601aa269cda6e195a88bd469eafac8afad3ba3ea9664639c0a408ee6 | Triage

Sharing

General

Target

73e3ecac601aa269cda6e195a88bd469eafac8afad3ba3ea9664639c0a408ee6
Size

281KB
Sample

221119-3cf5tsfb99
MD5

27fac8e093b97674c878cfab16d30450
SHA1

849d3438a30fd8a991f63450c4cc898de05184f6
SHA256

73e3ecac601aa269cda6e195a88bd469eafac8afad3ba3ea9664639c0a408ee6
SHA512

87d3d1c73d09b3acdec31ada60ac2a5ce36fac5079148fbe26c15264af92628cea64e2a4f21c546437fa545b2836af1d03c87349b80efe299f250e4713ad16b6
SSDEEP

3072:sr85CAFb6WsFCUdJvbrOLN0+1XkjC7fptD3cyVxpC8aVKhtsQKY8owIFnFRAY7v:k92bTc9dQJH0e3PfcKrKywiRP

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  73e3ecac601aa269cda6e195a88bd469eafac8afad3ba3ea9664639c0a408ee6
- Size
  
  281KB
- MD5
  
  27fac8e093b97674c878cfab16d30450
- SHA1
  
  849d3438a30fd8a991f63450c4cc898de05184f6
- SHA256
  
  73e3ecac601aa269cda6e195a88bd469eafac8afad3ba3ea9664639c0a408ee6
- SHA512
  
  87d3d1c73d09b3acdec31ada60ac2a5ce36fac5079148fbe26c15264af92628cea64e2a4f21c546437fa545b2836af1d03c87349b80efe299f250e4713ad16b6
- SSDEEP
  
  3072:sr85CAFb6WsFCUdJvbrOLN0+1XkjC7fptD3cyVxpC8aVKhtsQKY8owIFnFRAY7v:k92bTc9dQJH0e3PfcKrKywiRP
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware