neshta | 0fc8b6d8ec9a30e52b00eba55c79b4a8326276dda9818f880d89f5ce4c35ab35 | Triage

Submit
Reports

Overview

overview

Static

static

fa966bb8af...18.exe

windows7-x64

fa966bb8af...18.exe

windows10-2004-x64

Sharing

General

Target

fa966bb8aff59338d53fcd97daf6eece_JaffaCakes118
Size

596KB
Sample

240419-sq4g6sge8w
MD5

fa966bb8aff59338d53fcd97daf6eece
SHA1

6a452518e3b1937ae49bdfd5ae3c6f7184a597e4
SHA256

0fc8b6d8ec9a30e52b00eba55c79b4a8326276dda9818f880d89f5ce4c35ab35
SHA512

f71be2ea54e840e3c0b97206e77043f612a8632cf3661d0d8250dc78d3862e1a25d25abe4e1342d84a3b409c920cd7d687901b57f45393fd2f8339736c0e0218
SSDEEP

12288:zfMBS683y5D1v/YCnekbQKWf+9cSbg7b2yE1iz0CSR2l4hcOqR:zfr6tvgybvISbWb2yzoCY2lbR

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fa966bb8aff59338d53fcd97daf6eece_JaffaCakes118.exe

Resource

win7-20240215-en

neshta persistence spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fa966bb8aff59338d53fcd97daf6eece_JaffaCakes118.exe

Resource

win10v2004-20240412-en

neshta persistence spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa966bb8aff59338d53fcd97daf6eece_JaffaCakes118
- Size
  
  596KB
- MD5
  
  fa966bb8aff59338d53fcd97daf6eece
- SHA1
  
  6a452518e3b1937ae49bdfd5ae3c6f7184a597e4
- SHA256
  
  0fc8b6d8ec9a30e52b00eba55c79b4a8326276dda9818f880d89f5ce4c35ab35
- SHA512
  
  f71be2ea54e840e3c0b97206e77043f612a8632cf3661d0d8250dc78d3862e1a25d25abe4e1342d84a3b409c920cd7d687901b57f45393fd2f8339736c0e0218
- SSDEEP
  
  12288:zfMBS683y5D1v/YCnekbQKWf+9cSbg7b2yE1iz0CSR2l4hcOqR:zfr6tvgybvISbWb2yzoCY2lbR
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy