neshta | 3783d392ac50e66c8823fbce8145f38b3a25562309a17aed0a48787addd40f96 | Triage

Submit
Reports

Overview

overview

Static

static

3783d392ac...96.exe

windows7-x64

3783d392ac...96.exe

windows10-2004-x64

Sharing

General

Target

3783d392ac50e66c8823fbce8145f38b3a25562309a17aed0a48787addd40f96
Size

923KB
Sample

221130-av4dvsff6y
MD5

33392da2014b2a33e65d3f2399ab4720
SHA1

4d0c88da530115f4b5457a694d74755d205ce7f8
SHA256

3783d392ac50e66c8823fbce8145f38b3a25562309a17aed0a48787addd40f96
SHA512

229ce56da398562eb42c10a4f0463347af417e0774ec7f16e9b1f441e60b85d5cf4081749f8a73bfe53b372a623baed115fa62bd616819b2870061911fa0b68d
SSDEEP

24576:5XmGK7yRrPg37nzH2A6AoLM8b0ekeHJXExgTPV:5XegrPg37nzH2A6AhGke6s

Score

10^/10

neshta persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3783d392ac50e66c8823fbce8145f38b3a25562309a17aed0a48787addd40f96.exe

Resource

win7-20221111-en

neshta persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3783d392ac50e66c8823fbce8145f38b3a25562309a17aed0a48787addd40f96.exe

Resource

win10v2004-20220812-en

neshta persistence spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  3783d392ac50e66c8823fbce8145f38b3a25562309a17aed0a48787addd40f96
- Size
  
  923KB
- MD5
  
  33392da2014b2a33e65d3f2399ab4720
- SHA1
  
  4d0c88da530115f4b5457a694d74755d205ce7f8
- SHA256
  
  3783d392ac50e66c8823fbce8145f38b3a25562309a17aed0a48787addd40f96
- SHA512
  
  229ce56da398562eb42c10a4f0463347af417e0774ec7f16e9b1f441e60b85d5cf4081749f8a73bfe53b372a623baed115fa62bd616819b2870061911fa0b68d
- SSDEEP
  
  24576:5XmGK7yRrPg37nzH2A6AoLM8b0ekeHJXExgTPV:5XegrPg37nzH2A6AhGke6s
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy