neshta | e7f27d733c2c5d0f08597154c5324c924ee9514698652880b63c5df37b3c0b70 | Triage

Sharing

General

Target

e7f27d733c2c5d0f08597154c5324c924ee9514698652880b63c5df37b3c0b70
Size

40KB
Sample

221123-xchqrshe8v
MD5

43231a488fdff789482776dd976daaa0
SHA1

dbad0b0a4b6f54d093dcc522bd0df8b201548ed1
SHA256

e7f27d733c2c5d0f08597154c5324c924ee9514698652880b63c5df37b3c0b70
SHA512

b3b1da9d60e32e0f5badced8efaa4e81b16b4f927e1e89172704ae3a17c49b3e6b8bfa2b76427c263cc1b743e6f2fb484a703ab25710fd4ea0dd5a46b9dbbfe4
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJQo:JxqjQ+P04wsmJCi

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  e7f27d733c2c5d0f08597154c5324c924ee9514698652880b63c5df37b3c0b70
- Size
  
  40KB
- MD5
  
  43231a488fdff789482776dd976daaa0
- SHA1
  
  dbad0b0a4b6f54d093dcc522bd0df8b201548ed1
- SHA256
  
  e7f27d733c2c5d0f08597154c5324c924ee9514698652880b63c5df37b3c0b70
- SHA512
  
  b3b1da9d60e32e0f5badced8efaa4e81b16b4f927e1e89172704ae3a17c49b3e6b8bfa2b76427c263cc1b743e6f2fb484a703ab25710fd4ea0dd5a46b9dbbfe4
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJQo:JxqjQ+P04wsmJCi
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer