neshta | bf3b702a751e76e2b3e5feac8cb59265bda7a74f5b0632d82176c4f634352a00 | Triage

Sharing

General

Target

bf3b702a751e76e2b3e5feac8cb59265bda7a74f5b0632d82176c4f634352a00
Size

25KB
Sample

221202-ftyd4saf2z
MD5

986a6316938e5503e4815a7b97b8f6b7
SHA1

e07ba106cb3aec7af52db911c745883ba0dda532
SHA256

bf3b702a751e76e2b3e5feac8cb59265bda7a74f5b0632d82176c4f634352a00
SHA512

0062e1693bcb58f4da242474ed941e364405dbc3442cda52fa3e462838a2ea59c1504e5b9901f5720a85ffbe4528e7db9ea1ac93944aef84685291aae6c7ea9f
SSDEEP

384:7Rm8m2vDIKBrGUuCaEvfuBqDhnMdlpOiI7BcgVd1bIz5kpmn7Yo:nm2rsUbxq1fGczum7R

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  bf3b702a751e76e2b3e5feac8cb59265bda7a74f5b0632d82176c4f634352a00
- Size
  
  25KB
- MD5
  
  986a6316938e5503e4815a7b97b8f6b7
- SHA1
  
  e07ba106cb3aec7af52db911c745883ba0dda532
- SHA256
  
  bf3b702a751e76e2b3e5feac8cb59265bda7a74f5b0632d82176c4f634352a00
- SHA512
  
  0062e1693bcb58f4da242474ed941e364405dbc3442cda52fa3e462838a2ea59c1504e5b9901f5720a85ffbe4528e7db9ea1ac93944aef84685291aae6c7ea9f
- SSDEEP
  
  384:7Rm8m2vDIKBrGUuCaEvfuBqDhnMdlpOiI7BcgVd1bIz5kpmn7Yo:nm2rsUbxq1fGczum7R
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespyware