neshta | 1389f7b82538d937c6e69690483e2d06f3395d87443116fdca916a15f13fb65f | Triage

Sharing

General

Target

1389f7b82538d937c6e69690483e2d06f3395d87443116fdca916a15f13fb65f
Size

40KB
Sample

221119-ngx7ksdc3w
MD5

58b3f1cf56e256640a65f58e7cb88ac0
SHA1

c3eb67746774b2dc391234d25c90a791d2dd41b2
SHA256

1389f7b82538d937c6e69690483e2d06f3395d87443116fdca916a15f13fb65f
SHA512

b79940a4193188f32fec7f677ea1a7b5c091c8d9764fad36ac864acefabeedc296562efe58c3c9a1dc9d3194612c980682d31388563de3d6d757bc6cd8964d07
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJlSv9W:JxqjQ+P04wsmJC2iW

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  1389f7b82538d937c6e69690483e2d06f3395d87443116fdca916a15f13fb65f
- Size
  
  40KB
- MD5
  
  58b3f1cf56e256640a65f58e7cb88ac0
- SHA1
  
  c3eb67746774b2dc391234d25c90a791d2dd41b2
- SHA256
  
  1389f7b82538d937c6e69690483e2d06f3395d87443116fdca916a15f13fb65f
- SHA512
  
  b79940a4193188f32fec7f677ea1a7b5c091c8d9764fad36ac864acefabeedc296562efe58c3c9a1dc9d3194612c980682d31388563de3d6d757bc6cd8964d07
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJlSv9W:JxqjQ+P04wsmJC2iW
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer