neshta | 43ee1e6041ca2bcc76e8acfa57465a27c696b6bea20a31179fa3d5c6a7462354 | Triage

Submit
Reports

Overview

overview

Static

static

43ee1e6041...54.exe

windows7-x64

43ee1e6041...54.exe

windows10-2004-x64

Sharing

General

Target

43ee1e6041ca2bcc76e8acfa57465a27c696b6bea20a31179fa3d5c6a7462354
Size

185KB
Sample

241010-zjy3fa1fkj
MD5

5620eb4429b036309296a466d09b8e35
SHA1

6686bc6723c0770873c139969a159b6b509c2af0
SHA256

43ee1e6041ca2bcc76e8acfa57465a27c696b6bea20a31179fa3d5c6a7462354
SHA512

4504280a8f00803ed5ec31c9ef4b844be94afb7d01b55e8e18cecb223639835ce379bbbe3e8830fa98ff9dc6198850537bce3fa14d32e89d847daa41ed249bdd
SSDEEP

3072:sr85Cena2TFyCWjB+Gu6hHE8Pd8w+rUB8DAp8DCYDB8DApBwdC:k9L2Tat0Jy8DJt8DsF

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

43ee1e6041ca2bcc76e8acfa57465a27c696b6bea20a31179fa3d5c6a7462354.exe

Resource

win7-20240903-en

neshta discovery persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

43ee1e6041ca2bcc76e8acfa57465a27c696b6bea20a31179fa3d5c6a7462354.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  43ee1e6041ca2bcc76e8acfa57465a27c696b6bea20a31179fa3d5c6a7462354
- Size
  
  185KB
- MD5
  
  5620eb4429b036309296a466d09b8e35
- SHA1
  
  6686bc6723c0770873c139969a159b6b509c2af0
- SHA256
  
  43ee1e6041ca2bcc76e8acfa57465a27c696b6bea20a31179fa3d5c6a7462354
- SHA512
  
  4504280a8f00803ed5ec31c9ef4b844be94afb7d01b55e8e18cecb223639835ce379bbbe3e8830fa98ff9dc6198850537bce3fa14d32e89d847daa41ed249bdd
- SSDEEP
  
  3072:sr85Cena2TFyCWjB+Gu6hHE8Pd8w+rUB8DAp8DCYDB8DApBwdC:k9L2Tat0Jy8DJt8DsF
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy