neshta | 640c7be1a761f5ac49f17f81fc7a1a8ee8a22bdba59ee23597ce4259e9cdb337 | Triage

Submit
Reports

Overview

overview

Static

static

640c7be1a7...37.exe

windows7-x64

640c7be1a7...37.exe

windows10-2004-x64

Sharing

General

Target

640c7be1a761f5ac49f17f81fc7a1a8ee8a22bdba59ee23597ce4259e9cdb337
Size

416KB
Sample

221202-r2xy4abf9s
MD5

6f8b7cfea6d31b43eb0693fe22439dd9
SHA1

beb9f2ed72864411a7d51574abb15db301cee9ff
SHA256

640c7be1a761f5ac49f17f81fc7a1a8ee8a22bdba59ee23597ce4259e9cdb337
SHA512

75992a4414134cb4b7a58959c0dd3b31589de91fa8a671860aa3dc283e9e66f74e4407771b45bdb8b7ad60a440d20b646c453745c85a9626f8960cbaddf0aa70
SSDEEP

6144:c9ZiTc3NWfJRaEfcPjpinjk2J6gaPs247BrNO4A+r94/q6m:vTc01fcPon5J15H04DgqH

Score

10^/10

neshta persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

640c7be1a761f5ac49f17f81fc7a1a8ee8a22bdba59ee23597ce4259e9cdb337.exe

Resource

win7-20221111-en

neshta persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

640c7be1a761f5ac49f17f81fc7a1a8ee8a22bdba59ee23597ce4259e9cdb337.exe

Resource

win10v2004-20220812-en

neshta persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  640c7be1a761f5ac49f17f81fc7a1a8ee8a22bdba59ee23597ce4259e9cdb337
- Size
  
  416KB
- MD5
  
  6f8b7cfea6d31b43eb0693fe22439dd9
- SHA1
  
  beb9f2ed72864411a7d51574abb15db301cee9ff
- SHA256
  
  640c7be1a761f5ac49f17f81fc7a1a8ee8a22bdba59ee23597ce4259e9cdb337
- SHA512
  
  75992a4414134cb4b7a58959c0dd3b31589de91fa8a671860aa3dc283e9e66f74e4407771b45bdb8b7ad60a440d20b646c453745c85a9626f8960cbaddf0aa70
- SSDEEP
  
  6144:c9ZiTc3NWfJRaEfcPjpinjk2J6gaPs247BrNO4A+r94/q6m:vTc01fcPon5J15H04DgqH
Score

10^/10

neshta persistence spyware stealer
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy