neshta | a67fa566e4d94857d2e9efe2e6d63a66dd0d4024f35893418b7c0a4ecea36fe3 | Triage

Sharing

General

Target

a67fa566e4d94857d2e9efe2e6d63a66dd0d4024f35893418b7c0a4ecea36fe3
Size

40KB
Sample

221120-n1jhjafc51
MD5

21c3a7b1c8fe25a4ec3fff128cc049fc
SHA1

7c10bb725caa7d8ee61d050f14996e73476c2673
SHA256

a67fa566e4d94857d2e9efe2e6d63a66dd0d4024f35893418b7c0a4ecea36fe3
SHA512

b2e13c530ba0919c11c4f79fc0e78525f8c9fc710424aa7ae0db8afe3b302fd9c0f960f4c4c6ceb7c05c62446357a9b4166c8aedf10ebfd3a51b71857c2646f1
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  a67fa566e4d94857d2e9efe2e6d63a66dd0d4024f35893418b7c0a4ecea36fe3
- Size
  
  40KB
- MD5
  
  21c3a7b1c8fe25a4ec3fff128cc049fc
- SHA1
  
  7c10bb725caa7d8ee61d050f14996e73476c2673
- SHA256
  
  a67fa566e4d94857d2e9efe2e6d63a66dd0d4024f35893418b7c0a4ecea36fe3
- SHA512
  
  b2e13c530ba0919c11c4f79fc0e78525f8c9fc710424aa7ae0db8afe3b302fd9c0f960f4c4c6ceb7c05c62446357a9b4166c8aedf10ebfd3a51b71857c2646f1
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJ:JxqjQ+P04wsmJC
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer