neshta | a702fee8f8be7ff6f79c69e53afb3de5e96b4f07d918ceda0a6e02bf73930ba6 | Triage

Sharing

General

Target

a702fee8f8be7ff6f79c69e53afb3de5e96b4f07d918ceda0a6e02bf73930ba6
Size

40KB
Sample

221128-rebgkshd85
MD5

599b8535eecb37c0ea9f7ea011e58220
SHA1

9f55c0b9f81d288e3822ab55b9e7aa9f160075e0
SHA256

a702fee8f8be7ff6f79c69e53afb3de5e96b4f07d918ceda0a6e02bf73930ba6
SHA512

59d228c88acc0b2c648f5c63377ae40c08f3d5dbd59d15d855c3a2f942fc522f4d2572f7bc031dda7d131a5d1c5f44c5859f728c36b4750a8f6a335a70f7003d
SSDEEP

768:EyxqjQl/EMQt4Oei7RwsHxyP7nbBzOQdJ7yn:DxqjQ+P04wsmZCB

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  a702fee8f8be7ff6f79c69e53afb3de5e96b4f07d918ceda0a6e02bf73930ba6
- Size
  
  40KB
- MD5
  
  599b8535eecb37c0ea9f7ea011e58220
- SHA1
  
  9f55c0b9f81d288e3822ab55b9e7aa9f160075e0
- SHA256
  
  a702fee8f8be7ff6f79c69e53afb3de5e96b4f07d918ceda0a6e02bf73930ba6
- SHA512
  
  59d228c88acc0b2c648f5c63377ae40c08f3d5dbd59d15d855c3a2f942fc522f4d2572f7bc031dda7d131a5d1c5f44c5859f728c36b4750a8f6a335a70f7003d
- SSDEEP
  
  768:EyxqjQl/EMQt4Oei7RwsHxyP7nbBzOQdJ7yn:DxqjQ+P04wsmZCB
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware