neshta | 4818859fe5d4923fb0c76bafbf06167e16cc37c0fd823b57fbab538a0890eed0 | Triage

Sharing

General

Target

4818859fe5d4923fb0c76bafbf06167e16cc37c0fd823b57fbab538a0890eed0
Size

40KB
Sample

221120-n1mj7afc6t
MD5

404c79197f57bef8a07cab54ca340bd8
SHA1

c954f4b6dda4c17f56539ee5fb1c73012580cb0a
SHA256

4818859fe5d4923fb0c76bafbf06167e16cc37c0fd823b57fbab538a0890eed0
SHA512

9fd89d513ff593224aeb2f02f0eda70a2ea92da53128ebcd20b50c7187ad5413128c1b6ec29d5195fa1c98f8968df78613a82a52c5b911eb7f566764aacff629
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJD0MVZLv:JxqjQ+P04wsmJCy0u

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  4818859fe5d4923fb0c76bafbf06167e16cc37c0fd823b57fbab538a0890eed0
- Size
  
  40KB
- MD5
  
  404c79197f57bef8a07cab54ca340bd8
- SHA1
  
  c954f4b6dda4c17f56539ee5fb1c73012580cb0a
- SHA256
  
  4818859fe5d4923fb0c76bafbf06167e16cc37c0fd823b57fbab538a0890eed0
- SHA512
  
  9fd89d513ff593224aeb2f02f0eda70a2ea92da53128ebcd20b50c7187ad5413128c1b6ec29d5195fa1c98f8968df78613a82a52c5b911eb7f566764aacff629
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJD0MVZLv:JxqjQ+P04wsmJCy0u
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer