neshta | 94110979e0c68a82595b767bf5bafee9c2ccfef330711ed7a4a7850339b2a80c | Triage

Sharing

General

Target

94110979e0c68a82595b767bf5bafee9c2ccfef330711ed7a4a7850339b2a80c
Size

40KB
Sample

221119-ngn9nshd33
MD5

422ace47376bbf0743dbea3c538e4bc0
SHA1

526ee17bfaeec75a894a61c928ad6393a155b30f
SHA256

94110979e0c68a82595b767bf5bafee9c2ccfef330711ed7a4a7850339b2a80c
SHA512

d5349e04a9f9fe094a999290312ef30c1b0b4550f2020d1e061fbb21296181abd6a251b120c1ede425b9bc553854569c4a88c2fe5a19b16600c677fd4598d88c
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  94110979e0c68a82595b767bf5bafee9c2ccfef330711ed7a4a7850339b2a80c
- Size
  
  40KB
- MD5
  
  422ace47376bbf0743dbea3c538e4bc0
- SHA1
  
  526ee17bfaeec75a894a61c928ad6393a155b30f
- SHA256
  
  94110979e0c68a82595b767bf5bafee9c2ccfef330711ed7a4a7850339b2a80c
- SHA512
  
  d5349e04a9f9fe094a999290312ef30c1b0b4550f2020d1e061fbb21296181abd6a251b120c1ede425b9bc553854569c4a88c2fe5a19b16600c677fd4598d88c
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware