neshta | 34808cb9de354172c3e0a4b868ee597d96eb8d88e016843a6731f16ee566f713 | Triage

Sharing

General

Target

34808cb9de354172c3e0a4b868ee597d96eb8d88e016843a6731f16ee566f713
Size

1.6MB
Sample

221126-3yc1ashe7w
MD5

83bb9c50ca7bd6bd0b9e6a301f052a66
SHA1

b96789f8d5de1d7d435c1d0a3f412ec608bee847
SHA256

34808cb9de354172c3e0a4b868ee597d96eb8d88e016843a6731f16ee566f713
SHA512

c3fa8f22b622b1d4fc9d85390794b22832fc070b95f2e7bd703af25443510b236231e60fa66c64320277f44d82074369873b8dd6daf8088266ea8b28980c1513
SSDEEP

24576:Ltb2tpkaCqT5TBWgNQ7aR5J06AFblE8Z000DwbUiMHKnd:IEg5tQ7aR5G5FJsDwoiuUd

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  34808cb9de354172c3e0a4b868ee597d96eb8d88e016843a6731f16ee566f713
- Size
  
  1.6MB
- MD5
  
  83bb9c50ca7bd6bd0b9e6a301f052a66
- SHA1
  
  b96789f8d5de1d7d435c1d0a3f412ec608bee847
- SHA256
  
  34808cb9de354172c3e0a4b868ee597d96eb8d88e016843a6731f16ee566f713
- SHA512
  
  c3fa8f22b622b1d4fc9d85390794b22832fc070b95f2e7bd703af25443510b236231e60fa66c64320277f44d82074369873b8dd6daf8088266ea8b28980c1513
- SSDEEP
  
  24576:Ltb2tpkaCqT5TBWgNQ7aR5J06AFblE8Z000DwbUiMHKnd:IEg5tQ7aR5G5FJsDwoiuUd
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware