neshta | 66e09ac60e0c0c5f685796cdf3ea24605ca2eda2d654fd9c48c387ad666b2619 | Triage

Submit
Reports

Overview

overview

Static

static

9f94ac2bb5...cs.exe

windows7-x64

9f94ac2bb5...cs.exe

windows10-2004-x64

Sharing

General

Target

9f94ac2bb5564d72a3e1a69078ea2a30_NeikiAnalytics.exe
Size

1.6MB
Sample

240518-gtga9seh9t
MD5

9f94ac2bb5564d72a3e1a69078ea2a30
SHA1

e0dac861fd41ff26b8cf7a4b2ff6873dd0aa1581
SHA256

66e09ac60e0c0c5f685796cdf3ea24605ca2eda2d654fd9c48c387ad666b2619
SHA512

8efa96d155b639152a92cfb6d684070508cced91ceb81728131985d78b28bd1e2d961bc6f19743f260c465b750280e38670b4e4fe6d773680c883970cdb7863b
SSDEEP

24576:vE3UVzuuVSTy9g1tLD/nDtBHD8R5u6gfGKpdA7MY:cNDLtB8RFgfGUcMY

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9f94ac2bb5564d72a3e1a69078ea2a30_NeikiAnalytics.exe

Resource

win7-20240221-en

neshta persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f94ac2bb5564d72a3e1a69078ea2a30_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

neshta persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f94ac2bb5564d72a3e1a69078ea2a30_NeikiAnalytics.exe
- Size
  
  1.6MB
- MD5
  
  9f94ac2bb5564d72a3e1a69078ea2a30
- SHA1
  
  e0dac861fd41ff26b8cf7a4b2ff6873dd0aa1581
- SHA256
  
  66e09ac60e0c0c5f685796cdf3ea24605ca2eda2d654fd9c48c387ad666b2619
- SHA512
  
  8efa96d155b639152a92cfb6d684070508cced91ceb81728131985d78b28bd1e2d961bc6f19743f260c465b750280e38670b4e4fe6d773680c883970cdb7863b
- SSDEEP
  
  24576:vE3UVzuuVSTy9g1tLD/nDtBHD8R5u6gfGKpdA7MY:cNDLtB8RFgfGUcMY
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy