neshta | 2e8064655d6ea1ebacf85d47343fd5dcc34568bf5e33cf204eeed59d11c44a16 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

47eef2c1de...18.exe

windows7-x64

47eef2c1de...18.exe

windows10-2004-x64

Sharing

General

Target

47eef2c1de595f0f75f52e26b07b7327_JaffaCakes118
Size

124KB
Sample

240715-djjf4avenl
MD5

47eef2c1de595f0f75f52e26b07b7327
SHA1

c889e4c5502f372dfd8638caca6011057cf8197b
SHA256

2e8064655d6ea1ebacf85d47343fd5dcc34568bf5e33cf204eeed59d11c44a16
SHA512

257c4b2ee01ebfcf5fd1c7bf178fce62d35fe1b8290097fabb677205ea1ac47a65a80c1180a92297c7bb598911f1089ad15c99fe94ca3e11f167c3ca11293b68
SSDEEP

1536:JxqjQ+P04wsmJC1L8RuP1HlQS+oiG+mOnUQX1tXaH3VBCtc7QAc+0HBf:sr85C1lQS+oiGxQFtX6/MAc+Ef

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

47eef2c1de595f0f75f52e26b07b7327_JaffaCakes118.exe

Resource

win7-20240704-en

neshta persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

47eef2c1de595f0f75f52e26b07b7327_JaffaCakes118.exe

Resource

win10v2004-20240709-en

neshta persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  47eef2c1de595f0f75f52e26b07b7327_JaffaCakes118
- Size
  
  124KB
- MD5
  
  47eef2c1de595f0f75f52e26b07b7327
- SHA1
  
  c889e4c5502f372dfd8638caca6011057cf8197b
- SHA256
  
  2e8064655d6ea1ebacf85d47343fd5dcc34568bf5e33cf204eeed59d11c44a16
- SHA512
  
  257c4b2ee01ebfcf5fd1c7bf178fce62d35fe1b8290097fabb677205ea1ac47a65a80c1180a92297c7bb598911f1089ad15c99fe94ca3e11f167c3ca11293b68
- SSDEEP
  
  1536:JxqjQ+P04wsmJC1L8RuP1HlQS+oiG+mOnUQX1tXaH3VBCtc7QAc+0HBf:sr85C1lQS+oiGxQFtX6/MAc+Ef
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2025

Terms | Privacy