neshta | 6ac8a790062b14482471d3905eafecd331e37356be2415b4979cbfa140e0dd8c | Triage

Sharing

General

Target

6ac8a790062b14482471d3905eafecd331e37356be2415b4979cbfa140e0dd8c
Size

180KB
Sample

221129-jx2gqaah42
MD5

eb2e9b858a7f8c25087a82a79653066e
SHA1

18a0f6d4945cf4125ba23bd6d3a6f6c114675f21
SHA256

6ac8a790062b14482471d3905eafecd331e37356be2415b4979cbfa140e0dd8c
SHA512

c501cdddb754e1aa98d2e4d5e60280366c05ef53e49a8f56bf67b00c4ad45f19985412c155fa244d91d566f7c1462adf6d9b81d728dc8bb8e25b44a8b127936f
SSDEEP

1536:yxqjQ+P04wsZLnDrCvfViTwxnOIZr3bKsKw3fGVGinQh6gogv9bPAK4BkI1iN8:zr8WDrC1BasVf/Vzogv9bv4BkI1s8

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  6ac8a790062b14482471d3905eafecd331e37356be2415b4979cbfa140e0dd8c
- Size
  
  180KB
- MD5
  
  eb2e9b858a7f8c25087a82a79653066e
- SHA1
  
  18a0f6d4945cf4125ba23bd6d3a6f6c114675f21
- SHA256
  
  6ac8a790062b14482471d3905eafecd331e37356be2415b4979cbfa140e0dd8c
- SHA512
  
  c501cdddb754e1aa98d2e4d5e60280366c05ef53e49a8f56bf67b00c4ad45f19985412c155fa244d91d566f7c1462adf6d9b81d728dc8bb8e25b44a8b127936f
- SSDEEP
  
  1536:yxqjQ+P04wsZLnDrCvfViTwxnOIZr3bKsKw3fGVGinQh6gogv9bPAK4BkI1iN8:zr8WDrC1BasVf/Vzogv9bv4BkI1s8
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer