neshta | 2a4366648784112d6edd66fb4a2d364c6cb2d896eebf893c73d72d944b75b3e3 | Triage

Submit
Reports

Overview

overview

Static

static

injector.exe

windows7-x64

injector.exe

windows10-2004-x64

Sharing

General

Target

51d874a199d06016d3908689e285a013_JaffaCakes118
Size

106KB
Sample

240517-2l7hpseh98
MD5

51d874a199d06016d3908689e285a013
SHA1

0d431532826ff0cb7df6b8f143184cbdb5790ba6
SHA256

2a4366648784112d6edd66fb4a2d364c6cb2d896eebf893c73d72d944b75b3e3
SHA512

4e15fbd01a628caa735b7def79d08bad3c162e0ccb6340e0fdefc3d8c41cc810508276402ee055b259c911f6c5525cb28d6f42d0bfdb7bff4bf5125dc9369810
SSDEEP

3072:b5mElKKBi6/Rl8DvCuItDo2KIgx0hWsEsjOhflqfxXz24Hw:bYqB7/Rl8pYD0Igx0hNPjBhw

Score

10^/10

neshta aspackv2 persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

injector.exe

Resource

win7-20240508-en

neshta aspackv2 persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

injector.exe

Resource

win10v2004-20240508-en

neshta aspackv2 persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  injector.exe
- Size
  
  256KB
- MD5
  
  e60ac3bfccae47b4cf56e9a87b8d3455
- SHA1
  
  8a5b754f45ca12aa925f76c44326ad12a6377a3e
- SHA256
  
  39be215880a86a7b308b076c174d947a735e757c0b14b598329ec530344180b6
- SHA512
  
  467a4062a6a87770bc03cace5bf4c3fc099d6a59bf098e0c675091a7cd052c52eb0ea411c1bd3f72130397a65c432997c8cff8c18370dd1db80bb8d85731db80
- SSDEEP
  
  3072:sr85CUmcV1M6MofIFjPU7d9eoZnJq4GMFNXNAvM3FcUrbVmxi9AogJoTRhbbcgVR:k9GX04uUnoAnfcgVkjguXFVnhe6Ta
Score

10^/10

neshta aspackv2 persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

neshtaaspackv2persistencespywarestealer

behavioral2

neshtaaspackv2persistencespywarestealer

© 2018-2024

Terms | Privacy