neshta | 043482c55b036dae033f0647fe59ddb86602e9dcda29a43c9ab01855c63beee7 | Triage

Sharing

General

Target

043482c55b036dae033f0647fe59ddb86602e9dcda29a43c9ab01855c63beee7
Size

434KB
Sample

240710-w23a2asgrn
MD5

f99a3d80fd3b32a134d72717a654c778
SHA1

693374af9eca85b60a7ff0a2dd13ed873c7760b8
SHA256

043482c55b036dae033f0647fe59ddb86602e9dcda29a43c9ab01855c63beee7
SHA512

3f770f58dc47fe8d574e1fce07df8724ff166b8d72198155fd4839816e1ff787367e19db7b94dc95bfed20c589d6f5608f74c5da6eb825cc6f94cd497d5ff864
SSDEEP

6144:PuMLgRig56pUmEPczS5RyC8T4Aw0+wF/xKtZRHnH+4Oj3IJ429Wyf4rqrHB5d8:UigkpUmEBT8T4P0+w9xmggN8

Score

10^/10

neshta persistence spyware stealer

Malware Config

Targets

- Target
  
  043482c55b036dae033f0647fe59ddb86602e9dcda29a43c9ab01855c63beee7
- Size
  
  434KB
- MD5
  
  f99a3d80fd3b32a134d72717a654c778
- SHA1
  
  693374af9eca85b60a7ff0a2dd13ed873c7760b8
- SHA256
  
  043482c55b036dae033f0647fe59ddb86602e9dcda29a43c9ab01855c63beee7
- SHA512
  
  3f770f58dc47fe8d574e1fce07df8724ff166b8d72198155fd4839816e1ff787367e19db7b94dc95bfed20c589d6f5608f74c5da6eb825cc6f94cd497d5ff864
- SSDEEP
  
  6144:PuMLgRig56pUmEPczS5RyC8T4Aw0+wF/xKtZRHnH+4Oj3IJ429Wyf4rqrHB5d8:UigkpUmEBT8T4P0+w9xmggN8
Score

10^/10

neshta persistence spyware stealer
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer