neshta | 4828c43b2fbc01350102edc91d203c17ad379d25f0da15be3188ec721fc7a047 | Triage

Sharing

General

Target

4828c43b2fbc01350102edc91d203c17ad379d25f0da15be3188ec721fc7a047
Size

743KB
Sample

221121-nhvsvagd52
MD5

3b08e406e79d1dca41083c82c364b22c
SHA1

7fcdd16baf7047b1ef22e37a410b6ab3935c0568
SHA256

4828c43b2fbc01350102edc91d203c17ad379d25f0da15be3188ec721fc7a047
SHA512

10e799b89cbecd35ea41b526088148936f47356a4b4d10183053b5317e4cdc23e555455368b0c1186e74c998b312fe9475b7b31208a9be2447d97bb62a9e6312
SSDEEP

12288:8bekMtkfohrPUs37uzHnA6zg5cIsalHERjUrNN/RQ9wgUT5JBJDEx9URRO:8bekYkfohrP337uzHnA6cHswHE/6gUTM

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  4828c43b2fbc01350102edc91d203c17ad379d25f0da15be3188ec721fc7a047
- Size
  
  743KB
- MD5
  
  3b08e406e79d1dca41083c82c364b22c
- SHA1
  
  7fcdd16baf7047b1ef22e37a410b6ab3935c0568
- SHA256
  
  4828c43b2fbc01350102edc91d203c17ad379d25f0da15be3188ec721fc7a047
- SHA512
  
  10e799b89cbecd35ea41b526088148936f47356a4b4d10183053b5317e4cdc23e555455368b0c1186e74c998b312fe9475b7b31208a9be2447d97bb62a9e6312
- SSDEEP
  
  12288:8bekMtkfohrPUs37uzHnA6zg5cIsalHERjUrNN/RQ9wgUT5JBJDEx9URRO:8bekYkfohrP337uzHnA6cHswHE/6gUTM
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer