neshta

Sharing

Copy URL

Twitter E-mail

General

Target

GRINGA.rar
Size

187.8MB
Sample

230331-natktaag71
MD5

41321ec22e4cbaff3952da005cd9b42d
SHA1

feaa6612d2147f87327dfd5fd917735fd7a48834
SHA256

fdcb3e322b8dde7c299effd302a4292b1b673a2171514333cb14b3df8db6ad2c
SHA512

cabb2ec5f4dfbd6378074b65c58838cfc53c80fc345ab6b8bb2598fd22ec9ef15ca217f26c72c095e639204cddecc091e6234c0d59aa02db497cab94c3c75b06
SSDEEP

3145728:l8i2evkzBMawn53rnT7htFPJbofObiiGTNNseJBym4ncd+M7RZ6WBblRkfmj48QK:Xvklq5bnZPJbo2O3GeJByRabzBemjP

Score

10^/10

Malware Config

Targets

- Target
  
  DecryptNovo.exe
- Size
  
  2.8MB
- MD5
  
  1c73eefcec088f539914a70d49777dab
- SHA1
  
  89dc3ae4777ed534543c31d54151a6938c23f668
- SHA256
  
  e6b5ffc38fd7214f723394c2b133339b426f5a8d236b8a073859b1d173c09fd8
- SHA512
  
  9eac52d958db3dbbcaef903f965363930b8e1f0281948c033cb8657612ca0d51100b4def21c6786a5aa22bff18d8d253e3024e7a256a089f84d979a92531a265
- SSDEEP
  
  49152:1I7+r/51z6SC9SFgiJGL6N1j6oT/petj:1IqrxNk6N1me0
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2
- Target
  
  Util/__history/uVarC.pas.~299~
- Size
  
  56KB
- MD5
  
  1d89cab93a7ecdc7d21e5b2bd48d9a61
- SHA1
  
  8403cd47165d972d1da56590e27f2e922f4f628c
- SHA256
  
  1213c85e97636bbdd8cef95d62c3f1ff9ff9d032eaa141ebf29b8068d43a1bb3
- SHA512
  
  d980becd28f1398a5311b57bcb5d4b345d30081bd9822e9a66cc7830f3cb28844635d0e7c457a1c2f65a99b3181658d1fa39c3a36dea123328892b33524707cb
- SSDEEP
  
  384:jg0JT924A04rY2eo7M7K6nplck7IcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLf:jg09924UZen7C3OxkqwPPWZL9F82F
Score

1^/10
behavioral3 behavioral4
- Target
  
  Util/__history/uVarC.pas.~300~
- Size
  
  56KB
- MD5
  
  664de8ffedfe947570b422e1658b5234
- SHA1
  
  1fceb0ab1c9793dac4163ffbdf5d6c436cf55a45
- SHA256
  
  c0f955b47ed4b7ccfeb598e97db99f02bf64f2650950f63628c97a21b98bcb98
- SHA512
  
  ff31c91230fbd839bdef3b7e7dd3983c1f3fd13c59a80122397dbed5d90f068904a6ed0626a539930cebf8e63b9d793010fae9afc7387160718c406321b4d6ab
- SSDEEP
  
  384:jg0JT924A04rY2eo7M7K6nplck7IcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLN:jg09924UZen7C3OxkqwPPWZLvF82F
Score

1^/10
behavioral5 behavioral6
- Target
  
  Util/__history/uVarC.pas.~301~
- Size
  
  56KB
- MD5
  
  66593e14cc9fa5ae901b78852b187826
- SHA1
  
  d086cb64922bad325f5f37812f06be1323bb2137
- SHA256
  
  aa8a8fcb4d4c880e33720d966ffbad738cb94f4b43a61bb837a18b20f8b01a2e
- SHA512
  
  1c37b61c73305a113833fc5dd31bdf7c3cac649d3e3ded8ce52ad2d7f842a27489b84180a489702083a9f5a4616fed9f9a5136f9df9e019a4c654f9fc037bc3a
- SSDEEP
  
  384:jg0JT924A04rY2eo7M7K6nplck7IcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLD:jg09924UZen7C3OxkqwPPWZLxF82F
Score

1^/10
behavioral7 behavioral8
- Target
  
  Util/__history/uVarC.pas.~302~
- Size
  
  56KB
- MD5
  
  282793a98b482cbc1829e6a09a587f83
- SHA1
  
  47d6fb33355489809cff4426dd8a73b7cafe7158
- SHA256
  
  22dcbeb9073f881da696fda72f318008246ef54f35729cdf71fe5f4521b67274
- SHA512
  
  74e801deecdee063aa056835d2c8a4f3e029fc4facbe9c755acf4bcf0f20fd23a790353d3ea3a08f13817ca4c3371747da13c3dabe1b4c89111b2e41fd8d87b3
- SSDEEP
  
  384:jg0JT924A04rY2eo7M7K6nplckKIcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLj:jg09924UZenKC3OxkqwPPWZL7F8IF
Score

1^/10
behavioral10 behavioral9
- Target
  
  Util/__history/uVarC.pas.~303~
- Size
  
  56KB
- MD5
  
  bffc39b491ee091ff14f33f1c21c0722
- SHA1
  
  2ae7ea8d84f2471bf7639f13ef36c92c0b82ec23
- SHA256
  
  6c6ee728e09f9adf39eb9088a665f73b1b7234a04bd398701abec7866021c0ab
- SHA512
  
  6cb74eef54fd17b442cc15c474ecabb5693e042a578f98c1aea596e75cd5320d5729373257a442b62fa3a727eaab7d7b28ed802109b11a9d2bc39e63c913d59c
- SSDEEP
  
  384:jg0JT924A04rY2eo7M7K6nplckKIcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLM:jg09924UZenKC3OxkqwPPWZLeF8IF
Score

1^/10
behavioral11 behavioral12
- Target
  
  Util/__history/uVarC.pas.~304~
- Size
  
  56KB
- MD5
  
  dc98baea28755ee3421c0ab03b888500
- SHA1
  
  940ad74e5e6a5f40b7206ee6ce8978071f32c656
- SHA256
  
  ab6c09335da6beb5bc24f152d15be93b258f6fecd3fe44514edc2323a227020a
- SHA512
  
  6cbe79767a65d8d06836b8cdf43b18972a6169354aeee72c669af0c7cc4e84b5ab4c1945873ad6e81e84dd22391b80a3db693129e03b1a8765ebb2e3e4bcb976
- SSDEEP
  
  384:jg0JT924A0arY2eo7M7K6nplckKIcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLM:jg09924yZenKC3OxkqwPPWZLeF8IF
Score

1^/10
behavioral13 behavioral14
- Target
  
  Util/__history/uVarC.pas.~305~
- Size
  
  57KB
- MD5
  
  1aa07ee2c2daf293e23b154497e2c809
- SHA1
  
  c484733382c411ed1cd86ad0846f3db108faf827
- SHA256
  
  2c49cb33a63bcad53cba14de12bce2683f390921774020c1ef29ea1ba010e398
- SHA512
  
  d49fffb436cb4852757ec2007294c67463edf78919d8eb6e3df9a253f4f7df24124d1dd1e345ede753225590711b5fdcba4f7eab48f5310971492f690186558a
- SSDEEP
  
  384:jg0JT924A0arY2eo7M7K6nplckKIcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLf:jg09924yZenKC3OxkqwPPWZLeF8vF
Score

1^/10
behavioral15 behavioral16
- Target
  
  Util/__history/uVarC.pas.~306~
- Size
  
  57KB
- MD5
  
  b8a5a0a433aa7e7a1a7386c3ca20d685
- SHA1
  
  15041e1790f663b5482c178a68be088452b7bd81
- SHA256
  
  2e27b5c3cc7b426a7625334c3ba7ae7585c95ee74fa8f557aed67503f2f7152c
- SHA512
  
  b82bfd7fea165af9a295235eaa1226f62f05070e2f2e9c26d76206fd9fed9d90dcbc927562f115ca3a36a3946b9ed038584c568fbf4cc2dc9e6a9617185b4c62
- SSDEEP
  
  384:+g0JT924A0arY2eo7M7K6nplckKIcdJGQ0ZUPiMp1c0kqpAbs+PkHpnH2r0EWZLf:+g09924yZenKC3OxkqwPPWZLeF8vF
Score

1^/10
behavioral17 behavioral18
- Target
  
  Util/__history/uVarC.pas.~307~
- Size
  
  59KB
- MD5
  
  d9d863451ac963e7ecac34c63439a6ab
- SHA1
  
  6a9ca04d6bf974117f3152c85383caa6875f9f19
- SHA256
  
  046ab9c9593ed4dbf581f96e839b7f3dfdfaad96c99e2af26ae210cb0717fb5e
- SHA512
  
  c466dffe98e6dcd1079182e042c6b516dfad4d939d0ed92a1be52229e58a21aa5bcec030f16ab53d879b509cd1380435a0adb573e375968b4cd1f7856cd01d82
- SSDEEP
  
  384:+g0JT924A0arY2eo7M7K6nplckOYcdJGQ0ZUPRMp1c9kqpAbs+PkHpnH2r0EWW4s:+g09924yZenOS3OlkqwPPWW4hU8WF
Score

1^/10
behavioral19 behavioral20
- Target
  
  Util/__history/uVarC.pas.~308~
- Size
  
  59KB
- MD5
  
  1d903acc3f8407d35b403e19bc21a8da
- SHA1
  
  c373a9b0f0c0e10a5f44f8a3d799d3b355156666
- SHA256
  
  259961005a57b3c171e6adf57659f055f949dc4813f59fc5e41d9594ad00e7a6
- SHA512
  
  ac88511aefca18c9383a583c62fa8851df2955ef95bb57664ee787c61bfa55d46b8472dd150502ac2c77deea651d3c9a3e52a9a526981e57aef274b5709b8ccd
- SSDEEP
  
  384:+g0JW924A0arY2eo7M7K6nplcksXcdJGQ0ZUPTMp1cnkqpAbs+PkHpnH2r0EWeFZ:+g0k924yZensP3OVkqwPPWeFY38tF
Score

1^/10
behavioral21 behavioral22
- Target
  
  Util/backup/__history/uC.pas.~1~
- Size
  
  55KB
- MD5
  
  056e6d357572f439871a12e957bf75c9
- SHA1
  
  65faf70931acba8920a33e3457cefe1a877ae819
- SHA256
  
  520030fb4790f7432388402cb54e82b7286ebbbad36964895d42fd130ded55c5
- SHA512
  
  aa63619c4731c4afba075b99b28c1fc3af35b72fad6238cf15c1ca672c5d5e9108d426909a89da4ed534be52d2f40fcca11961ff650c8dfc3a30cb23e6fefd10
- SSDEEP
  
  384:TgDWVthUvIhbrWF1OAUY5tQa1SzFUo7MxjRNxH5jcdg9rAcMG/lzos+PkHpnH2r5:TgDW/hUuWF3UY56UPT9GcMG/qP9EOjLD
Score

1^/10
behavioral23 behavioral24
- Target
  
  Util/backup/__history/uC.pas.~2~
- Size
  
  56KB
- MD5
  
  6afc4fc70ef2af0f8b374d39858a9b40
- SHA1
  
  b924b42538052a6bebba164e098bf24bed3a141b
- SHA256
  
  0cb653cdd181e19c63ab75f1e91247914a1e8db885c84f47e2cdf82a6cd31a63
- SHA512
  
  8abb29681d61463ab2259dfe0df723571a70cdf34a0548d1d3467405fc142b8a6ebc1c80edba998d033b70e1667520993fbb68499800e8e31cbff109e2a4ec56
- SSDEEP
  
  768:TgDWwr/tUuWF3UY56UPT9GcMG/qP9EOjdD:TIUuWp70SIlE8dD
Score

1^/10
behavioral25 behavioral26
- Target
  
  Util/backup/uC.pas
- Size
  
  64KB
- MD5
  
  628981f328f6add5baa4a8211bcb96ee
- SHA1
  
  118d570a93cfcf150cada30d5a82d4a135a3891d
- SHA256
  
  6acd48ca89ad4021dffae0d0a04236cace75a04d95159627cbd5af4159d74dc0
- SHA512
  
  8142c0a8597ddda75f58b3ba97070e83776507650494c6090927a07e5d9f6c8f1d5fab73f0cffa875eda75b5ecf53946b6252194aac994e366e3bb1b766e24b0
- SSDEEP
  
  768:cgPN76VreKuWFSUY56uVT9GcMG/2Pm0Ojm7:cW64KuW470ujwu08m7
Score

1^/10
behavioral27 behavioral28
- Target
  
  Util/backup/uLib.pas
- Size
  
  3KB
- MD5
  
  078fc7463752e34c22df1d0d48e1dce0
- SHA1
  
  40313f48ae1f2d8f1318fcb8a85e7ad8b9a1810e
- SHA256
  
  01c32fab72b53c3db76d10c0cd210927d2bdbed4ef0fa3aca0dcdef2f13dedbb
- SHA512
  
  1528230db3da23afbef46c4e1832e01a6ebccd5f21eb657424045643eee0c7ba16d392c93e5149e199c850b305da0d13e198afb440b518b1aa083b4bb9fead7a
Score

3^/10
behavioral29 behavioral30
- Target
  
  Util/uLib.pas
- Size
  
  3KB
- MD5
  
  078fc7463752e34c22df1d0d48e1dce0
- SHA1
  
  40313f48ae1f2d8f1318fcb8a85e7ad8b9a1810e
- SHA256
  
  01c32fab72b53c3db76d10c0cd210927d2bdbed4ef0fa3aca0dcdef2f13dedbb
- SHA512
  
  1528230db3da23afbef46c4e1832e01a6ebccd5f21eb657424045643eee0c7ba16d392c93e5149e199c850b305da0d13e198afb440b518b1aa083b4bb9fead7a
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Neshta payload

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32