neshta | 542918b6def9c9ecd21dfc946545f44ee928f02be33efc0fec2d028d4341d41e | Triage

Submit
Reports

Overview

overview

Static

static

BlitzedGrabberV12.exe

windows10-2004-x64

Sharing

General

Target

BlitzedGrabberV12.exe
Size

1.7MB
Sample

230309-apf2dagf8w
MD5

d9b83c99818f7f4c02a42008eeecd9d8
SHA1

d574c658c7f22a0684610d65866beb563a42151a
SHA256

542918b6def9c9ecd21dfc946545f44ee928f02be33efc0fec2d028d4341d41e
SHA512

2e641b7e5978f53a2609dfdb129801098966de8f868511fa77e29cd87816590ef75652beb992b8063958ce27a890f0dedd96340e1b7e8443edebe071f6c1b8a2
SSDEEP

24576:+xAskWeOT4n5lLHxnpL2Q/NLmKgDJ68p4C8BsePDigEoXh7O83igweBAWgtd:2AznU4n9t2ELj18p4BDifoM83ig9Apv

Score

10^/10

neshta agilenet persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

BlitzedGrabberV12.exe

Resource

win10v2004-20230220-en

neshta agilenet persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  BlitzedGrabberV12.exe
- Size
  
  1.7MB
- MD5
  
  d9b83c99818f7f4c02a42008eeecd9d8
- SHA1
  
  d574c658c7f22a0684610d65866beb563a42151a
- SHA256
  
  542918b6def9c9ecd21dfc946545f44ee928f02be33efc0fec2d028d4341d41e
- SHA512
  
  2e641b7e5978f53a2609dfdb129801098966de8f868511fa77e29cd87816590ef75652beb992b8063958ce27a890f0dedd96340e1b7e8443edebe071f6c1b8a2
- SSDEEP
  
  24576:+xAskWeOT4n5lLHxnpL2Q/NLmKgDJ68p4C8BsePDigEoXh7O83igweBAWgtd:2AznU4n9t2ELj18p4BDifoM83ig9Apv
Score

10^/10

neshta agilenet persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtaagilenetpersistencespywarestealer

© 2018-2024

Terms | Privacy