neshta | 9b8e50a36da08888f797bac0c49dfe327a833d768539faa7ba57e1a3dac0b390 | Triage

Submit
Reports

Overview

overview

Static

static

5

9b8e50a36d...90.exe

windows7-x64

9b8e50a36d...90.exe

windows10-2004-x64

Sharing

General

Target

9b8e50a36da08888f797bac0c49dfe327a833d768539faa7ba57e1a3dac0b390
Size

1.4MB
Sample

240905-ppaxpa1bkn
MD5

818dcbf5c73a3f8431493b86d0982f14
SHA1

c7a6dc7e656b813fcde72fa960ad9d704f55dfa6
SHA256

9b8e50a36da08888f797bac0c49dfe327a833d768539faa7ba57e1a3dac0b390
SHA512

4b2f7aca8f5c2268700e0a22239bdfcc54a2ad8cadca14b39be7b82ee88fefd97123274f58b001f5961d696470df02e78713905f35bf9b0c4aea91f182438122
SSDEEP

24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8aqecFgcV6QhYaMEgb8FrT2fKj:tTvC/MTQYxsWR7aqmEgoFrP

Score

10^/10

neshta discovery persistence spyware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9b8e50a36da08888f797bac0c49dfe327a833d768539faa7ba57e1a3dac0b390.exe

Resource

win7-20240903-en

neshta discovery persistence spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

9b8e50a36da08888f797bac0c49dfe327a833d768539faa7ba57e1a3dac0b390.exe

Resource

win10v2004-20240802-en

neshta discovery persistence spyware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  9b8e50a36da08888f797bac0c49dfe327a833d768539faa7ba57e1a3dac0b390
- Size
  
  1.4MB
- MD5
  
  818dcbf5c73a3f8431493b86d0982f14
- SHA1
  
  c7a6dc7e656b813fcde72fa960ad9d704f55dfa6
- SHA256
  
  9b8e50a36da08888f797bac0c49dfe327a833d768539faa7ba57e1a3dac0b390
- SHA512
  
  4b2f7aca8f5c2268700e0a22239bdfcc54a2ad8cadca14b39be7b82ee88fefd97123274f58b001f5961d696470df02e78713905f35bf9b0c4aea91f182438122
- SSDEEP
  
  24576:tqDEvCTbMWu7rQYlBQcBiT6rprG8aqecFgcV6QhYaMEgb8FrT2fKj:tTvC/MTQYxsWR7aqmEgoFrP
Score

10^/10

neshta discovery persistence spyware
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespyware

behavioral2

neshtadiscoverypersistencespyware

© 2018-2025

Terms | Privacy