neshta | 8266a61ff85a3e15d51575bef8f049430b61056d3962bcf0e6ba0a5f715e884d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8266a61ff85a3e15d51575bef8f049430b61056d3962bcf0e6ba0a5f715e884dN
Size

308KB
Sample

241009-pebq8sthmj
MD5

ea4a26be6d0417118d36b64d8df75bf0
SHA1

ca66a3d7f6b71b519f887ad4c67e43cf1f333a40
SHA256

8266a61ff85a3e15d51575bef8f049430b61056d3962bcf0e6ba0a5f715e884d
SHA512

5e434d1c4d43cf73d50bb21c8aa5cad25ddae4f9abdf85cf2be542a57d036234d2303be0c2614592918af155d75db4f0c548a3a2de6708db1cb718dfcdd940d4
SSDEEP

3072:zr8WDrC3+TOOJ60q2mTJXZ27N539bEotjtWxDRFYYW9JI4qlp9ig8ZHiHf:Pu3uOOY9H27N539RjtEROYW3Dkf

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  8266a61ff85a3e15d51575bef8f049430b61056d3962bcf0e6ba0a5f715e884dN
- Size
  
  308KB
- MD5
  
  ea4a26be6d0417118d36b64d8df75bf0
- SHA1
  
  ca66a3d7f6b71b519f887ad4c67e43cf1f333a40
- SHA256
  
  8266a61ff85a3e15d51575bef8f049430b61056d3962bcf0e6ba0a5f715e884d
- SHA512
  
  5e434d1c4d43cf73d50bb21c8aa5cad25ddae4f9abdf85cf2be542a57d036234d2303be0c2614592918af155d75db4f0c548a3a2de6708db1cb718dfcdd940d4
- SSDEEP
  
  3072:zr8WDrC3+TOOJ60q2mTJXZ27N539bEotjtWxDRFYYW9JI4qlp9ig8ZHiHf:Pu3uOOY9H27N539RjtEROYW3Dkf
Score

10^/10

neshta discovery persistence spyware stealer
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer