neshta | e00dd7eb22f4c0edd534efd84e64dd0129826b4175697e925ebb551b5a33421f | Triage

Submit
Reports

Overview

overview

Static

static

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

Copy URL Twitter E-mail

General

Target

e00dd7eb22f4c0edd534efd84e64dd0129826b4175697e925ebb551b5a33421f
Size

148KB
Sample

240701-hwnnsssclj
MD5

afb27825d8a45bea2992eca0e060a968
SHA1

4ba416298adc14aae5b27dcbf29d12b4fdc4fbb8
SHA256

e00dd7eb22f4c0edd534efd84e64dd0129826b4175697e925ebb551b5a33421f
SHA512

75070ba706ca43404d54e75a58b36e4178892822d6aea2bec5304931c57b5fad0b4d52750da5ed3bde1fb0f86d5481bc8106b23be497a5593627ecaecf12de43
SSDEEP

3072:wr85Cl7A5G390uDmJTQSaMm5/6lWOax9ggPppjdz7eqQfZ86:w9ZqWlQWx3PppjdPsZ86

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e00dd7eb22f4c0edd534efd84e64dd0129826b4175697e925ebb551b5a33421f.exe

Resource

win10v2004-20240508-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e00dd7eb22f4c0edd534efd84e64dd0129826b4175697e925ebb551b5a33421f.exe

Resource

win11-20240508-en

neshta persistence spyware stealer

windows11-21h2-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  e00dd7eb22f4c0edd534efd84e64dd0129826b4175697e925ebb551b5a33421f
- Size
  
  148KB
- MD5
  
  afb27825d8a45bea2992eca0e060a968
- SHA1
  
  4ba416298adc14aae5b27dcbf29d12b4fdc4fbb8
- SHA256
  
  e00dd7eb22f4c0edd534efd84e64dd0129826b4175697e925ebb551b5a33421f
- SHA512
  
  75070ba706ca43404d54e75a58b36e4178892822d6aea2bec5304931c57b5fad0b4d52750da5ed3bde1fb0f86d5481bc8106b23be497a5593627ecaecf12de43
- SSDEEP
  
  3072:wr85Cl7A5G390uDmJTQSaMm5/6lWOax9ggPppjdz7eqQfZ86:w9ZqWlQWx3PppjdPsZ86
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2025

Terms | Privacy