neshta | 144edc310f1600feaf8b773a56f2a66de2623c9df4f6d4ef1cc959a61a352966 | Triage

Submit
Reports

Overview

overview

Static

static

144edc310f...66.exe

windows7-x64

144edc310f...66.exe

windows10-2004-x64

Sharing

General

Target

144edc310f1600feaf8b773a56f2a66de2623c9df4f6d4ef1cc959a61a352966
Size

731KB
Sample

221119-ngxaaadc3v
MD5

51b121404323590ed2c25e1701608ee0
SHA1

2c68f35c1698779f35076dd84deb675832c53096
SHA256

144edc310f1600feaf8b773a56f2a66de2623c9df4f6d4ef1cc959a61a352966
SHA512

cb941e6678bf894e0a2a92d5a0ff7d0d490dc1ae234878491eaf732448c6c60c20c5026ff718c9672daf51dc57ed287f213c4a800975cdbaa9aab1cda46896bf
SSDEEP

12288:afKb7nH5lrPo37AzHTA63I0ihE4UEQrrNtIECORGv35ELAfXExy8p06:afKbT5lrPo37AzHTA63/cfU9IEU353fm

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

144edc310f1600feaf8b773a56f2a66de2623c9df4f6d4ef1cc959a61a352966.exe

Resource

win7-20221111-en

neshta persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

144edc310f1600feaf8b773a56f2a66de2623c9df4f6d4ef1cc959a61a352966.exe

Resource

win10v2004-20220901-en

neshta persistence spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  144edc310f1600feaf8b773a56f2a66de2623c9df4f6d4ef1cc959a61a352966
- Size
  
  731KB
- MD5
  
  51b121404323590ed2c25e1701608ee0
- SHA1
  
  2c68f35c1698779f35076dd84deb675832c53096
- SHA256
  
  144edc310f1600feaf8b773a56f2a66de2623c9df4f6d4ef1cc959a61a352966
- SHA512
  
  cb941e6678bf894e0a2a92d5a0ff7d0d490dc1ae234878491eaf732448c6c60c20c5026ff718c9672daf51dc57ed287f213c4a800975cdbaa9aab1cda46896bf
- SSDEEP
  
  12288:afKb7nH5lrPo37AzHTA63I0ihE4UEQrrNtIECORGv35ELAfXExy8p06:afKbT5lrPo37AzHTA63/cfU9IEU353fm
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy