neshta | 29ef45674dff9b87bcec73404c08d4c4264747119efdd33867b8d9a84cbbde51 | Triage

Submit
Reports

Overview

overview

Static

static

Seronxelia.exe

windows10-2004-x64

Resubmissions

22/07/2023, 16:57

230722-vgfqvsca7w 10

22/07/2023, 16:55

230722-vfberabe82 10

Sharing

Copy URL Twitter E-mail

General

Target

Seronxelia.exe
Size

967KB
Sample

230722-vgfqvsca7w
MD5

46a3d8811d01026d94d8e759523e23a9
SHA1

419901b53b71cca4c64b448a29e4efe786b434a3
SHA256

29ef45674dff9b87bcec73404c08d4c4264747119efdd33867b8d9a84cbbde51
SHA512

ab058b5b5835ba9e582c03ebef783ca911837693e3005cb9dea1ac62d09b18bd390415908ab94e16a15d6bad748ddbc7e8630eaf968b3383202b6e28f111face
SSDEEP

12288:J7h7MLK768G5VBCLTj71QnhFkyHYSNau90gn8iD6/5PI1boANc1vZ3Mqwwdf+Y:JR7W8GyOnDpmdIaAS1xNh+Y

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Seronxelia.exe

Resource

win10v2004-20230703-en

neshta persistence spyware stealer

windows10-2004-x64

12 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Seronxelia.exe
- Size
  
  967KB
- MD5
  
  46a3d8811d01026d94d8e759523e23a9
- SHA1
  
  419901b53b71cca4c64b448a29e4efe786b434a3
- SHA256
  
  29ef45674dff9b87bcec73404c08d4c4264747119efdd33867b8d9a84cbbde51
- SHA512
  
  ab058b5b5835ba9e582c03ebef783ca911837693e3005cb9dea1ac62d09b18bd390415908ab94e16a15d6bad748ddbc7e8630eaf968b3383202b6e28f111face
- SSDEEP
  
  12288:J7h7MLK768G5VBCLTj71QnhFkyHYSNau90gn8iD6/5PI1boANc1vZ3Mqwwdf+Y:JR7W8GyOnDpmdIaAS1xNh+Y
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

© 2018-2025

Terms | Privacy