neshta | bb424c09754876ee1fd12da33b1fcdb40c0d008d8c4c89c9e7f1a10211efa4bd | Triage

Sharing

General

Target

bb424c09754876ee1fd12da33b1fcdb40c0d008d8c4c89c9e7f1a10211efa4bd
Size

775KB
Sample

240825-fdz8rsxamk
MD5

45677bcd19ce7a7b3ff48f1be26c9fb5
SHA1

1a39835f004735e6d77528129785b9535930cd53
SHA256

bb424c09754876ee1fd12da33b1fcdb40c0d008d8c4c89c9e7f1a10211efa4bd
SHA512

66bf5824c07f9c31fefafe6ecffa1e984711315f3397301be21fc13a6dd7cc16b84ab006b46f6a78825ee56f804a474927d76f381445a5afd270b535ae1df25b
SSDEEP

12288:OsqgmDWSpR+Gqj1gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRB1IP:2gCWSpRyjdSJVDsVu5unzqWvX1lIP

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  bb424c09754876ee1fd12da33b1fcdb40c0d008d8c4c89c9e7f1a10211efa4bd
- Size
  
  775KB
- MD5
  
  45677bcd19ce7a7b3ff48f1be26c9fb5
- SHA1
  
  1a39835f004735e6d77528129785b9535930cd53
- SHA256
  
  bb424c09754876ee1fd12da33b1fcdb40c0d008d8c4c89c9e7f1a10211efa4bd
- SHA512
  
  66bf5824c07f9c31fefafe6ecffa1e984711315f3397301be21fc13a6dd7cc16b84ab006b46f6a78825ee56f804a474927d76f381445a5afd270b535ae1df25b
- SSDEEP
  
  12288:OsqgmDWSpR+Gqj1gOSJVSKdet5RVu5ihnYQspCp9qWvX9fRB1IP:2gCWSpRyjdSJVDsVu5unzqWvX1lIP
Score

10^/10

neshta discovery persistence spyware stealer
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer