neshta | 77ebacda163e56d2dd052c9e8ca0d8fb72f8eb5412c2f0770a4b6b254e018e55 | Triage

Sharing

General

Target

77ebacda163e56d2dd052c9e8ca0d8fb72f8eb5412c2f0770a4b6b254e018e55
Size

40KB
Sample

221128-czhztsgh62
MD5

1b0ad3e4142d42c19860ff6244a11804
SHA1

6903739a09704068e053081fe0134d1f1ac325af
SHA256

77ebacda163e56d2dd052c9e8ca0d8fb72f8eb5412c2f0770a4b6b254e018e55
SHA512

1a02e85c4d6ee5d10d21f0909047e38e00743b57d2fe844f3fa7e713f5c22330241a3e0b51112342e9996af2fcb1f6edaea19cdc78415e573cdb41c6caa718d1
SSDEEP

768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJ:yxqjQ+P04wsZLnDrC

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  77ebacda163e56d2dd052c9e8ca0d8fb72f8eb5412c2f0770a4b6b254e018e55
- Size
  
  40KB
- MD5
  
  1b0ad3e4142d42c19860ff6244a11804
- SHA1
  
  6903739a09704068e053081fe0134d1f1ac325af
- SHA256
  
  77ebacda163e56d2dd052c9e8ca0d8fb72f8eb5412c2f0770a4b6b254e018e55
- SHA512
  
  1a02e85c4d6ee5d10d21f0909047e38e00743b57d2fe844f3fa7e713f5c22330241a3e0b51112342e9996af2fcb1f6edaea19cdc78415e573cdb41c6caa718d1
- SSDEEP
  
  768:nyxqjQl/EMQt4Oei7RwsHxKANM0nDhlzOQdJ:yxqjQ+P04wsZLnDrC
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer