neshta | 72f6b4cf094be5b26144340a7fe584d0ef31db89f8247058e848616c98332cde | Triage

Submit
Reports

Overview

overview

Static

static

72f6b4cf09...de.exe

windows7-x64

72f6b4cf09...de.exe

windows10-2004-x64

5

Sharing

General

Target

72f6b4cf094be5b26144340a7fe584d0ef31db89f8247058e848616c98332cde
Size

222KB
Sample

221130-kwzgeahe8w
MD5

46298919d209aa4453b9475080a8c7d4
SHA1

5d5a5c8a3cacc37f2df3f291cf35600bd56f5488
SHA256

72f6b4cf094be5b26144340a7fe584d0ef31db89f8247058e848616c98332cde
SHA512

d6aa6c79fbdc7a35ecbbfdb5eacbacd88733f5fe93e732cfb158ba2299afe48296aef32cfacf9a36ecf8423a493baa2b07b7a400019b0c6e1145a92a9ca3f874
SSDEEP

3072:fDbJ/nCxIV1tKNsz4oVwqqDbJ/nCxIVZr85Cxr85C:ftl1tk8xVRwtl19N9

Score

10^/10

neshta persistence spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

72f6b4cf094be5b26144340a7fe584d0ef31db89f8247058e848616c98332cde.exe

Resource

win7-20220812-en

neshta persistence spyware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

72f6b4cf094be5b26144340a7fe584d0ef31db89f8247058e848616c98332cde.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  72f6b4cf094be5b26144340a7fe584d0ef31db89f8247058e848616c98332cde
- Size
  
  222KB
- MD5
  
  46298919d209aa4453b9475080a8c7d4
- SHA1
  
  5d5a5c8a3cacc37f2df3f291cf35600bd56f5488
- SHA256
  
  72f6b4cf094be5b26144340a7fe584d0ef31db89f8247058e848616c98332cde
- SHA512
  
  d6aa6c79fbdc7a35ecbbfdb5eacbacd88733f5fe93e732cfb158ba2299afe48296aef32cfacf9a36ecf8423a493baa2b07b7a400019b0c6e1145a92a9ca3f874
- SSDEEP
  
  3072:fDbJ/nCxIV1tKNsz4oVwqqDbJ/nCxIVZr85Cxr85C:ftl1tk8xVRwtl19N9
Score

10^/10

neshta persistence spyware
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespyware

behavioral2

© 2018-2024

Terms | Privacy