neshta | 9f494f18af075153be3f977906ee2dcf8bd55dcc84dc2e407e5ddeaaa1983780 | Triage

Sharing

General

Target

9f494f18af075153be3f977906ee2dcf8bd55dcc84dc2e407e5ddeaaa1983780
Size

40KB
Sample

221128-czk47ach6y
MD5

bf31d00b77b6a1310c4cf1e32df8201d
SHA1

a7c02b60631ffbbb969852480059afde2d22cc36
SHA256

9f494f18af075153be3f977906ee2dcf8bd55dcc84dc2e407e5ddeaaa1983780
SHA512

e2b5003f8fc4c0b44d5a443664c7b4612bc0060aa1227b4aa71ae423665aaa44868f21f0bce5dc8df5c94951204b46f1862352bd86186850c6e910eaa61b070f
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJo:JxqjQ+P04wsmJCV

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  9f494f18af075153be3f977906ee2dcf8bd55dcc84dc2e407e5ddeaaa1983780
- Size
  
  40KB
- MD5
  
  bf31d00b77b6a1310c4cf1e32df8201d
- SHA1
  
  a7c02b60631ffbbb969852480059afde2d22cc36
- SHA256
  
  9f494f18af075153be3f977906ee2dcf8bd55dcc84dc2e407e5ddeaaa1983780
- SHA512
  
  e2b5003f8fc4c0b44d5a443664c7b4612bc0060aa1227b4aa71ae423665aaa44868f21f0bce5dc8df5c94951204b46f1862352bd86186850c6e910eaa61b070f
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJo:JxqjQ+P04wsmJCV
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer