neshta | f9a0ad80daa93ea280608a93c2cdaccbee31b13372c734fa91b1545f50beba39 | Triage

Submit
Reports

Overview

overview

Static

static

7

PO 42050 ...23.exe

windows7-x64

PO 42050 ...23.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c3f86895a1acfd35accdb6cc383dd35d.bin
Size

712KB
Sample

240628-dmj7ssxhpd
MD5

e1c2e39e05227c2348f2d1cf2fc44bb4
SHA1

23b17b6cde3b1dbdaba57d29440a4d5a4ec29a0e
SHA256

f9a0ad80daa93ea280608a93c2cdaccbee31b13372c734fa91b1545f50beba39
SHA512

f79a36d9525093ccfe58a48b57bff1419f65646c03b19033d846bba60bf256251b2bcb6646a9e3b7813e9d1278c7b6ec2fc334bccb7f562ec193dde5ff72be14
SSDEEP

12288:GRM024sgJa00xUsUy7VjZbK+abyPrx1ZgI7Jqcy/wT2WEA7ArRYPIMPDzqL:NAmjFj6U1guJMrRYPPPnqL

Score

10^/10

neshta persistence spyware upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

PO 42050 EXP 1423.exe

Resource

win7-20240221-en

neshta persistence spyware upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO 42050 EXP 1423.exe

Resource

win10v2004-20240508-en

neshta persistence spyware upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  PO 42050 EXP 1423.exe
- Size
  
  737KB
- MD5
  
  ae06766ec1be8ae093bbd938c195986d
- SHA1
  
  1f736cf91178489ab25b62e8b88d73b32324dd8d
- SHA256
  
  6eb16df08e9ce41a8c5355c19817741c79386a93c402ffdbbffb5e221e609ab6
- SHA512
  
  674eca0b66ab7ae5eca88f4f8138747ad3df6417fb10f96150bdbbeae1928f713f3ee20b235380d072bc2230873dba0a856314e8bc65ab1401699e9bc721d72b
- SSDEEP
  
  12288:EYV6MorX7qzuC3QHO9FQVHPF51jgcCf1qeO2+Zy7IAUQfRY2kMq/U6CAzADow5uC:DBXu9HGaVHZv2+Zy0QfqF//olP5uC
Score

10^/10

neshta persistence spyware upx
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywareupx

behavioral2

neshtapersistencespywareupx

© 2018-2025

Terms | Privacy