neshta | 37a00a3e1bd9b6fec98c51ffe0777eebac65496e4713850285a17e701454cbd6 | Triage

Submit
Reports

Overview

overview

Static

static

37a00a3e1b...d6.exe

windows7-x64

37a00a3e1b...d6.exe

windows10-2004-x64

Sharing

General

Target

37a00a3e1bd9b6fec98c51ffe0777eebac65496e4713850285a17e701454cbd6
Size

288KB
Sample

240424-zdscpshc48
MD5

dc34f6c86f7180e382216f5f5985067a
SHA1

dc668963f1de7c7ea076136f5d224f6c5a0b0fa9
SHA256

37a00a3e1bd9b6fec98c51ffe0777eebac65496e4713850285a17e701454cbd6
SHA512

be7f28f6d1bb813abdc95d7ac5af2b247f99f0ec9d266ebf63c00952da3aaf4447ea4c6f90da6a0fe6538ef6fbbe42dc1330e59941cea21ede76e99e8830aa99
SSDEEP

6144:k9Zb1xPF+vdvvxh6Z0fzVIajNDwKhnVxW:y1xPF+vdvv/20fhISKynVxW

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

37a00a3e1bd9b6fec98c51ffe0777eebac65496e4713850285a17e701454cbd6.exe

Resource

win7-20231129-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

37a00a3e1bd9b6fec98c51ffe0777eebac65496e4713850285a17e701454cbd6.exe

Resource

win10v2004-20240412-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  37a00a3e1bd9b6fec98c51ffe0777eebac65496e4713850285a17e701454cbd6
- Size
  
  288KB
- MD5
  
  dc34f6c86f7180e382216f5f5985067a
- SHA1
  
  dc668963f1de7c7ea076136f5d224f6c5a0b0fa9
- SHA256
  
  37a00a3e1bd9b6fec98c51ffe0777eebac65496e4713850285a17e701454cbd6
- SHA512
  
  be7f28f6d1bb813abdc95d7ac5af2b247f99f0ec9d266ebf63c00952da3aaf4447ea4c6f90da6a0fe6538ef6fbbe42dc1330e59941cea21ede76e99e8830aa99
- SSDEEP
  
  6144:k9Zb1xPF+vdvvxh6Z0fzVIajNDwKhnVxW:y1xPF+vdvv/20fhISKynVxW
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy