neshta | 5c31b3c16d281ed9c1ec20c6b9dc8d0292aa37c70b2acda85ecb2ecfbb202042 | Triage

Submit
Reports

Overview

overview

Static

static

fd0d28aaa3...8e.exe

windows7-x64

fd0d28aaa3...8e.exe

windows10-2004-x64

Sharing

General

Target

5c31b3c16d281ed9c1ec20c6b9dc8d0292aa37c70b2acda85ecb2ecfbb202042
Size

23KB
Sample

240419-tjfm7sgf25
MD5

506efda2c0c53fecab6a8a93da4cc63e
SHA1

0ebf23a70eb7952b13882c04d33e5e6499acacb2
SHA256

5c31b3c16d281ed9c1ec20c6b9dc8d0292aa37c70b2acda85ecb2ecfbb202042
SHA512

43b1f8b86edf0bff46a90b1b6c0fa8c8a6d987e923154ac1c89d7e9c7728fffb5533bcb95712cfa746451adfa48085c499ecfdf5f1b6f200a32dfd44cf6f7a58
SSDEEP

384:DTHS+sp5i1yuPdPUuJfB6ktb291uBXjlK/kItstRTo5NzhSZ6vtVy+X562Jbx7OJ:DjS5p5i1yu1pek4fuhj4aTZcFXIWl76

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

fd0d28aaa381a2c518c1353c1ccdb7c9245a6a599f07622906f21c5d7be2718e.exe

Resource

win7-20240221-en

neshta persistence spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd0d28aaa381a2c518c1353c1ccdb7c9245a6a599f07622906f21c5d7be2718e.exe

Resource

win10v2004-20240412-en

neshta persistence spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  fd0d28aaa381a2c518c1353c1ccdb7c9245a6a599f07622906f21c5d7be2718e.exe
- Size
  
  40KB
- MD5
  
  ba74ebd7dedafcb380356630c12f3098
- SHA1
  
  f3c4c1cd6a077600444fcb10c2365767b2ce1372
- SHA256
  
  fd0d28aaa381a2c518c1353c1ccdb7c9245a6a599f07622906f21c5d7be2718e
- SHA512
  
  30a645d08af7aa39793c318f7725d4a69c037eb7d724ad8e6d15a999b8f4f56e869328a92f472c75ebd1e382ac00449dcbbafa1783f02f19b26fc082cae46304
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJZtvn:JxqjQ+P04wsmJC
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy