neshta | 6dd5d1309948dac371cf1cc1083f758ea313161d8658d9d3842e3f908bd280d5 | Triage

Submit
Reports

Overview

overview

Static

static

3

Invoice an...pt.exe

windows7-x64

3

Invoice an...pt.exe

windows10-2004-x64

Sharing

General

Target

Invoice and receipt.exe
Size

727KB
Sample

240416-qcz7gsce2w
MD5

b4b32117b40b70fb1bfeab298ba44557
SHA1

a74707a387129c37ce14a7ebacd053a8864e2e7d
SHA256

6dd5d1309948dac371cf1cc1083f758ea313161d8658d9d3842e3f908bd280d5
SHA512

dbd3f35c3c6b3ebe18276672a607475d0a8a9999b1e666256a7dac3994367c35887109ba8e1106ea04eb2574d387ce9e198d7d2ac0b33fa85865850fad507906
SSDEEP

12288:61ta/jCVo69W+WkpmDodcb1NrOvPA/cxSgDXwJWTrDVylYtnh:g8/jCa69DpOodcbnrOw0ZwJWTrpUYL

Score

10^/10

neshta persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Invoice and receipt.exe

Resource

win7-20240221-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Invoice and receipt.exe

Resource

win10v2004-20240412-en

neshta persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Invoice and receipt.exe
- Size
  
  727KB
- MD5
  
  b4b32117b40b70fb1bfeab298ba44557
- SHA1
  
  a74707a387129c37ce14a7ebacd053a8864e2e7d
- SHA256
  
  6dd5d1309948dac371cf1cc1083f758ea313161d8658d9d3842e3f908bd280d5
- SHA512
  
  dbd3f35c3c6b3ebe18276672a607475d0a8a9999b1e666256a7dac3994367c35887109ba8e1106ea04eb2574d387ce9e198d7d2ac0b33fa85865850fad507906
- SSDEEP
  
  12288:61ta/jCVo69W+WkpmDodcb1NrOvPA/cxSgDXwJWTrDVylYtnh:g8/jCa69DpOodcbnrOw0ZwJWTrpUYL
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Event Triggered Execution

Change Default File Association

Scheduled Task/Job

Privilege Escalation

Event Triggered Execution

Change Default File Association

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy