neshta | d80b0e56373036d21cd952d66191bba20e3f88bb84bf5a94d931a48430d523f9 | Triage

Submit
Reports

Overview

overview

Static

static

54188b12dc...18.exe

windows7-x64

54188b12dc...18.exe

windows10-2004-x64

Sharing

General

Target

54188b12dc5f88750a7fce4cb0ddfdcb_JaffaCakes118
Size

103KB
Sample

241017-2lp9estfpn
MD5

54188b12dc5f88750a7fce4cb0ddfdcb
SHA1

b9d469177cbd6fd9596fc4783711ff620ed5b751
SHA256

d80b0e56373036d21cd952d66191bba20e3f88bb84bf5a94d931a48430d523f9
SHA512

0ee8e4a52cd19e4b4f35f539d398212bb621c5e3fec56672790a8fa42245a983bb403873719cfad5d157552b4ab08e97379830a7407a848f53cd57276728903d
SSDEEP

768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJuS3LwnNZPuh7QRr:JxqjQ+P04wsmJCPS3E8hkRr

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

54188b12dc5f88750a7fce4cb0ddfdcb_JaffaCakes118.exe

Resource

win7-20240903-en

neshta discovery persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

54188b12dc5f88750a7fce4cb0ddfdcb_JaffaCakes118.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  54188b12dc5f88750a7fce4cb0ddfdcb_JaffaCakes118
- Size
  
  103KB
- MD5
  
  54188b12dc5f88750a7fce4cb0ddfdcb
- SHA1
  
  b9d469177cbd6fd9596fc4783711ff620ed5b751
- SHA256
  
  d80b0e56373036d21cd952d66191bba20e3f88bb84bf5a94d931a48430d523f9
- SHA512
  
  0ee8e4a52cd19e4b4f35f539d398212bb621c5e3fec56672790a8fa42245a983bb403873719cfad5d157552b4ab08e97379830a7407a848f53cd57276728903d
- SSDEEP
  
  768:eyxqjQl/EMQt4Oei7RwsHxyP7nbxzOQdJuS3LwnNZPuh7QRr:JxqjQ+P04wsmJCPS3E8hkRr
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy