neshta | d5aab1100ce7b41f76468759a3af26fff7584793c97ed31adc4f20b7e1ffb090 | Triage

Submit
Reports

Overview

overview

Static

static

d5aab1100c...90.exe

windows7-x64

d5aab1100c...90.exe

windows10-2004-x64

Sharing

General

Target

d5aab1100ce7b41f76468759a3af26fff7584793c97ed31adc4f20b7e1ffb090
Size

912KB
Sample

221119-ngh3nadc2v
MD5

50565928c712c18161af3100443186af
SHA1

c4d46c57d72196afc3e5c486966123a73f2e9b62
SHA256

d5aab1100ce7b41f76468759a3af26fff7584793c97ed31adc4f20b7e1ffb090
SHA512

1f02aaaf542d0cf86f2fbb94025e4b6189384300e844a7b05cb4351ae22e036d688dabf4398efc8bda04c837842dce3a9098ba60c9a504a531ace9dd7dce3b43
SSDEEP

3072:sr8JC24ZoeEszzpngHHhfagnqDaWGSBTxbmjDFoUNzl:kt24ZocpngHHhfag9WGcxbmjDFPv

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d5aab1100ce7b41f76468759a3af26fff7584793c97ed31adc4f20b7e1ffb090.exe

Resource

win7-20221111-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d5aab1100ce7b41f76468759a3af26fff7584793c97ed31adc4f20b7e1ffb090.exe

Resource

win10v2004-20221111-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  d5aab1100ce7b41f76468759a3af26fff7584793c97ed31adc4f20b7e1ffb090
- Size
  
  912KB
- MD5
  
  50565928c712c18161af3100443186af
- SHA1
  
  c4d46c57d72196afc3e5c486966123a73f2e9b62
- SHA256
  
  d5aab1100ce7b41f76468759a3af26fff7584793c97ed31adc4f20b7e1ffb090
- SHA512
  
  1f02aaaf542d0cf86f2fbb94025e4b6189384300e844a7b05cb4351ae22e036d688dabf4398efc8bda04c837842dce3a9098ba60c9a504a531ace9dd7dce3b43
- SSDEEP
  
  3072:sr8JC24ZoeEszzpngHHhfagnqDaWGSBTxbmjDFoUNzl:kt24ZocpngHHhfag9WGcxbmjDFPv
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy