neshta | 00d3cc629ebc21e73835d022cf107b53fcd97fb849cb8b616cb6c59ff61e50dc | Triage

Submit
Reports

Overview

overview

Static

static

Device/Har...rt.exe

windows7-x64

Device/Har...rt.exe

windows10-2004-x64

Sharing

General

Target

LAP092_2022-11-29_11_19_44.zip
Size

432KB
Sample

221129-xhydeaac6x
MD5

50357609903abe014936f7a6ff86b2cf
SHA1

142126e7c1c9f2231cae5b6a67cc06c8f7a4a238
SHA256

00d3cc629ebc21e73835d022cf107b53fcd97fb849cb8b616cb6c59ff61e50dc
SHA512

2cf459e27b3359922d26d3029b6e9c4491e5c4b0a0f3e29561e4b3175843df9f7af54c042a4b98aa240ab051e25a2341497db310e8746bfb34d2382be04800f3
SSDEEP

12288:f5HOfpTORPVkHQEOiKLPiE5f7Tr5QDeAwKLbcG:hepTORP0QEXKLPpRqX

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Device/HarddiskVolume4/Users/tim1k/AppData/Local/WebEx/WebEx64/Meetings/wbxreport.exe

Resource

win7-20220812-en

neshta persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Device/HarddiskVolume4/Users/tim1k/AppData/Local/WebEx/WebEx64/Meetings/wbxreport.exe

Resource

win10v2004-20221111-en

neshta persistence spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Device/HarddiskVolume4/Users/tim1k/AppData/Local/WebEx/WebEx64/Meetings/wbxreport.exe
- Size
  
  2.5MB
- MD5
  
  01b891763adad5caaa8b5f25da141f92
- SHA1
  
  4586fc3c7ab0fa768fd8cd4d39c91e9fadb00735
- SHA256
  
  4d42f0af47dfbe2cb2cd5a36e0853a2e9abef4915a41a93cc1c1cf4e80a06eda
- SHA512
  
  82adf851965b063432788f308aec74e6c2f6a033eb90fc708956fead6ae11cc0e3cce07f0e7c86f60b87215fb322c3561272e3ae13be78939e85ef90d7729f6a
- SSDEEP
  
  12288:a7XSDM7lMqd1JbAiw9ng9kmY+xgDTkDnit9KbjgA:a7XSQ915cqkmmTkDn0A
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy