neshta | 61d4bf0f47de1e1bdc4cbb5e44b9e0c6df1301e3c49d52b1c21d56c669e4e623 | Triage

Sharing

General

Target

61d4bf0f47de1e1bdc4cbb5e44b9e0c6df1301e3c49d52b1c21d56c669e4e623
Size

40KB
Sample

221129-jyrznsea5s
MD5

2f7dfc1d02eeeaabbd8a7e708e9c3666
SHA1

ce80ac8c5fd4c928980e43b6488b94e850a439ec
SHA256

61d4bf0f47de1e1bdc4cbb5e44b9e0c6df1301e3c49d52b1c21d56c669e4e623
SHA512

050ffa46031aab5e8890661e41ecb96a2f16e6ce57c0e9bbe5c6f827b526a7acd6754ead8ec5d6be1d5f069006d462d0f2d5cff20cd736e651b5be56fb0567a6
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJRBb0d:JxqjQ+P04wsmJCaAd

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  61d4bf0f47de1e1bdc4cbb5e44b9e0c6df1301e3c49d52b1c21d56c669e4e623
- Size
  
  40KB
- MD5
  
  2f7dfc1d02eeeaabbd8a7e708e9c3666
- SHA1
  
  ce80ac8c5fd4c928980e43b6488b94e850a439ec
- SHA256
  
  61d4bf0f47de1e1bdc4cbb5e44b9e0c6df1301e3c49d52b1c21d56c669e4e623
- SHA512
  
  050ffa46031aab5e8890661e41ecb96a2f16e6ce57c0e9bbe5c6f827b526a7acd6754ead8ec5d6be1d5f069006d462d0f2d5cff20cd736e651b5be56fb0567a6
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJRBb0d:JxqjQ+P04wsmJCaAd
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer