neshta | 78f6575f0edd016f85a3819a73d7c29d361a02f02c9a1aa8c91b82f538553971 | Triage

Sharing

General

Target

78f6575f0edd016f85a3819a73d7c29d361a02f02c9a1aa8c91b82f538553971
Size

821KB
Sample

221126-yrgbxsah65
MD5

652c59cbd5f126f6da6a5fb4be7b7628
SHA1

b4133255a74d2933e82d816c9e9666424eece724
SHA256

78f6575f0edd016f85a3819a73d7c29d361a02f02c9a1aa8c91b82f538553971
SHA512

25a1b3c7757d990de646c9645911daa17d7bbeb80a5805458b984821bd5c65947af746cfcd00211c1462f9e58c34de459f64037dfb3ac3f525cfd1035fd484a4
SSDEEP

24576:1IN4Ga/bDXn4Y4vgYXQTXmxaHaMI1/AUk3e0ybiNlOZwJQq9XUj:1IN4Ga/bDXn4Y4vgYgvHF2AUkQbwlGw0

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  78f6575f0edd016f85a3819a73d7c29d361a02f02c9a1aa8c91b82f538553971
- Size
  
  821KB
- MD5
  
  652c59cbd5f126f6da6a5fb4be7b7628
- SHA1
  
  b4133255a74d2933e82d816c9e9666424eece724
- SHA256
  
  78f6575f0edd016f85a3819a73d7c29d361a02f02c9a1aa8c91b82f538553971
- SHA512
  
  25a1b3c7757d990de646c9645911daa17d7bbeb80a5805458b984821bd5c65947af746cfcd00211c1462f9e58c34de459f64037dfb3ac3f525cfd1035fd484a4
- SSDEEP
  
  24576:1IN4Ga/bDXn4Y4vgYXQTXmxaHaMI1/AUk3e0ybiNlOZwJQq9XUj:1IN4Ga/bDXn4Y4vgYgvHF2AUkQbwlGw0
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware