neshta | 40c93541874c8d8efcd72987876842efb375a60231dd448f9ead223d3454e782 | Triage

Submit
Reports

Overview

overview

Static

static

40c9354187...82.exe

windows7-x64

40c9354187...82.exe

windows10-2004-x64

Sharing

General

Target

40c93541874c8d8efcd72987876842efb375a60231dd448f9ead223d3454e782
Size

489KB
Sample

221123-w55kkadh64
MD5

53642509834224486de34729fdb1f09b
SHA1

c27de3242ed1bdc121d70514bea629aff9e68de5
SHA256

40c93541874c8d8efcd72987876842efb375a60231dd448f9ead223d3454e782
SHA512

1e6f6cb42ed139917546ea437d3e146f3e784188314d11345f6363064bdfba9bab76033d6dd70827d0f764c0570d09961da44b4525abf4b4578dd32fe3725a95
SSDEEP

6144:k9uCBJ4d/81+2TecGyJbh6AuBmB9WjpcUWkdXszTEc9UnXfY51RRpMc8IGGnadob:U4CE2TrBV6AuBoQXd8V6XgjRojI4iCw

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

40c93541874c8d8efcd72987876842efb375a60231dd448f9ead223d3454e782.exe

Resource

win7-20220812-en

neshta discovery persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

40c93541874c8d8efcd72987876842efb375a60231dd448f9ead223d3454e782.exe

Resource

win10v2004-20221111-en

neshta discovery persistence spyware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  40c93541874c8d8efcd72987876842efb375a60231dd448f9ead223d3454e782
- Size
  
  489KB
- MD5
  
  53642509834224486de34729fdb1f09b
- SHA1
  
  c27de3242ed1bdc121d70514bea629aff9e68de5
- SHA256
  
  40c93541874c8d8efcd72987876842efb375a60231dd448f9ead223d3454e782
- SHA512
  
  1e6f6cb42ed139917546ea437d3e146f3e784188314d11345f6363064bdfba9bab76033d6dd70827d0f764c0570d09961da44b4525abf4b4578dd32fe3725a95
- SSDEEP
  
  6144:k9uCBJ4d/81+2TecGyJbh6AuBmB9WjpcUWkdXszTEc9UnXfY51RRpMc8IGGnadob:U4CE2TrBV6AuBoQXd8V6XgjRojI4iCw
Score

10^/10

neshta discovery persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespyware

© 2018-2024

Terms | Privacy