neshta | 9ad6b4a46e56198dd379b3c83421b5a42e1fffb691190a04ef554e0d83e9f6df | Triage

Submit
Reports

Overview

overview

Static

static

9ad6b4a46e...df.exe

windows7-x64

9ad6b4a46e...df.exe

windows10-2004-x64

Sharing

General

Target

9ad6b4a46e56198dd379b3c83421b5a42e1fffb691190a04ef554e0d83e9f6df
Size

161KB
Sample

240522-ej17ksbd53
MD5

e9e4e48c6d0bef4675e0decccd4823cd
SHA1

f2557b928ed3182c2844429eb20d041c05c70b40
SHA256

9ad6b4a46e56198dd379b3c83421b5a42e1fffb691190a04ef554e0d83e9f6df
SHA512

200b8cb0a7d8f417953f8fefa80b010c1ee6f07ff1820e1cede8d6faa3755d2a7cfbbbaebf66dc793ce5c8a5d8a571f1191c844953eedcfaba13c5f5efd0b7ec
SSDEEP

3072:sr85CbJjEs01/ttvjGLX+Q4K8ZAk/WGLr/JRx+IRsG4Xxkgn:k9bJjEs0BjGmKRAR+IRWHn

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9ad6b4a46e56198dd379b3c83421b5a42e1fffb691190a04ef554e0d83e9f6df.exe

Resource

win7-20240221-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ad6b4a46e56198dd379b3c83421b5a42e1fffb691190a04ef554e0d83e9f6df.exe

Resource

win10v2004-20240508-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  9ad6b4a46e56198dd379b3c83421b5a42e1fffb691190a04ef554e0d83e9f6df
- Size
  
  161KB
- MD5
  
  e9e4e48c6d0bef4675e0decccd4823cd
- SHA1
  
  f2557b928ed3182c2844429eb20d041c05c70b40
- SHA256
  
  9ad6b4a46e56198dd379b3c83421b5a42e1fffb691190a04ef554e0d83e9f6df
- SHA512
  
  200b8cb0a7d8f417953f8fefa80b010c1ee6f07ff1820e1cede8d6faa3755d2a7cfbbbaebf66dc793ce5c8a5d8a571f1191c844953eedcfaba13c5f5efd0b7ec
- SSDEEP
  
  3072:sr85CbJjEs01/ttvjGLX+Q4K8ZAk/WGLr/JRx+IRsG4Xxkgn:k9bJjEs0BjGmKRAR+IRWHn
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy