neshta

Sharing

Copy URL

Twitter E-mail

General

Target

69690842b80a50cf67175d9d717966ec_JaffaCakes118
Size

3.6MB
Sample

241022-htnwsavfmk
MD5

69690842b80a50cf67175d9d717966ec
SHA1

ecadfde6275ccdba07ef55c72872568eed9f8521
SHA256

d8db2eb1cc1045e9f1806b6fce300007bfccc2186045ceb928b2280b1816e47a
SHA512

2ae12462ca2ca19f3be17f0726495b9879e30a398cccb633369a8f520ba0ef551f8f69b65ec67f8f061c7170d537c7cc13a6501c3cd579002075205e0e666da4
SSDEEP

98304:1T/ugNElWj7KkLE4pYosBnLFvWPzidIUv1Mq:BGKElSjJnsBn6ix19

Score

10^/10

Malware Config

Targets

- Target
  
  русский экстримальный сервер/announce.exe
- Size
  
  181KB
- MD5
  
  f256923c25afb58e2a93029971f0a0a7
- SHA1
  
  3a8db595961d5aeb1173305ca1a08e3693c4b301
- SHA256
  
  be58a0071b38915e8a511342dc4231b2480ccb4c0a98a3e021148ce14cead924
- SHA512
  
  2bcf329a047d72ff18371d8ad460d7b55d71de9a17877c89e2f5d939bc17bfa6ac2a524560a3fc90f8ea2ccf0aeb77f2a4834ede70d8229cdfd24469f1dde1a8
- SSDEEP
  
  3072:Qz3FII7uzXzjasem6R0fa1jyZp5DGr85C:QLFV7uTzjum6+M2Ze9
Score

1^/10
behavioral1 behavioral2
- Target
  
  русский экстримальный сервер/pawno/Include/a_objects.inc
- Size
  
  3KB
- MD5
  
  2bc967b685dc21b9728887fd660d8c6b
- SHA1
  
  29d36110a5b3aa564c41eb26f11ec23a6d025408
- SHA256
  
  c3e08eb8ec7e26b72541bc0c4779f531b0e99328d58e768c3dd285edceea703a
- SHA512
  
  abcbbf4b0971f5a32a94bf944afd21d5db7266f8c13c835aa1d5add232cb021ad6839f18964db59c9c540a19d800442159efabcc20b8be236e2d13d4ea94e880
Score

1^/10
behavioral3 behavioral4
- Target
  
  русский экстримальный сервер/pawno/Include/gamemodes/businesses.inc
- Size
  
  11KB
- MD5
  
  7aebf62c38ff82e908440b6f16cd0260
- SHA1
  
  d45eb1139d034c37964d51e8b5124f789c0d0c8b
- SHA256
  
  1edb448244ab302a9a3cdade39ca6fa06fc9e49603da744c5f427ecc0bb66c2a
- SHA512
  
  393b5967b96bceea95a57f4069778f8ca8ae04519f0db90689bbaac337d286ddb21b13c4c44771077ea791c38985dabc9ec9faa1ae32edfdd158d0da7cb9173a
- SSDEEP
  
  192:FDFHVfDNUjMdRJDBlvF3CaP9lZFOE+Xl279l3FnlMo9DTVc:zNNICNywKVcaWTm
Score

1^/10
behavioral5 behavioral6
- Target
  
  русский экстримальный сервер/pawno/Include/gamemodes/gangs.inc
- Size
  
  52KB
- MD5
  
  83f7c0235865f6210c6e6b9ac9b9f792
- SHA1
  
  f6b5645f69a35cad8d8f9974f4a31c9687dae4fb
- SHA256
  
  a91c7f52503a952acb06f66ddd37828d98ecd7803ad7e3a2a1a3681e7a869c66
- SHA512
  
  8f8e734eb89da5a12609a580f12ccf74170990505f105dd5579a15079e23b2d05ecbe3b4a4659979f724e86ad1f6f9e0c6779c2566018d5c5b674fb7c7de09ed
- SSDEEP
  
  768:BBuv+NI8tV3ctCOxcYslOhIcuQXlcJq7+a71OjJFGt6FparyoN6EB:bNI4+QlOhMJq7+a71OdIt8a9
Score

1^/10
behavioral7 behavioral8
- Target
  
  русский экстримальный сервер/pawno/Include/gamemodes/houses.inc
- Size
  
  11KB
- MD5
  
  217c8439f452f89e050117b520e103a0
- SHA1
  
  f691c618fcb69099b44316bf0901e3599689d81c
- SHA256
  
  e9f2df1ba114a09f1d201fdfd58e509e1f23ee8f8710acf28649c7461ee9d809
- SHA512
  
  b5c63bc525f375fb4b3f0194e199340123d363349797ace2cd1a0087e639bc4c8f106e33d840221ad2b693a8052c43bd8b231cb05d62bbe1086aa22724bd60b5
- SSDEEP
  
  192:qMFkB4/kjj4s7CoEK4SChl13CQnAlk8O4+XRckAl9nvMTLxAl8nm0kAle1t0:X/U5i7yG80h40Lp
Score

1^/10
behavioral10 behavioral9
- Target
  
  русский экстримальный сервер/pawno/Include/gamemodes/missions.inc
- Size
  
  76KB
- MD5
  
  153ec4cfd3120426daba27e2cdca6f3b
- SHA1
  
  308a11a79ad367f321656cdb462ca319e2856635
- SHA256
  
  bd19a7eece5aae7971c42232b6778464ff495fff1fa2a5062235e470b928f02f
- SHA512
  
  fe921df298deb36f959ebdf26ef96f8c0468ac5342f05cb3ad54378c5dfe17a552eb1e7359a140c093fd599e1e1f7deff437014e5138548e421778a49f93ce2a
- SSDEEP
  
  768:/4irIAvEiFzMyMBeUSyJX6IAxAZdmOkIc+fuyos8EKYz/JtOsn:QiZwp6Ixdmic+vKYzB4sn
Score

1^/10
behavioral11 behavioral12
- Target
  
  русский экстримальный сервер/pawno/Include/gamemodes/team_quests.inc
- Size
  
  54KB
- MD5
  
  c6ff83fe0398890a165ca98f20c8e05f
- SHA1
  
  fe001de9805f531e3930454ad64f7219658e4698
- SHA256
  
  cb554fe9e059ed230dbaf4105aa036ad3361d7873593ecc513af4518cd58619a
- SHA512
  
  62aebf1bf3aea124f7fffa29b3861a2f9a443d8de7b6961ed0a81dd326dcdfb6aefe656ab458af8a8bc082a39abcf2f6e34efd7a96b4cf7edec9280a52c5e1a6
- SSDEEP
  
  768:s3cA+tclChbU4MrboRogI+sHLL3TGt8o7fs7Ttaq4nA8Uts9:SQcgho45+/r2TAtaqF8U0
Score

1^/10
behavioral13 behavioral14
- Target
  
  русский экстримальный сервер/pawno/Include/gamemodes/world.inc
- Size
  
  8KB
- MD5
  
  75104827e19415b6d28379823bef5a84
- SHA1
  
  30550939390eb07f7b38f9ab3cbbee04e6805ba3
- SHA256
  
  1dedf42aab05f3c31f828aa90c1bda1239a3f302519b491265829278d0a1ce59
- SHA512
  
  b38d1db636cfd0803407461b95ab279929b45d6b57a60f924d9b46a9fc1f47d11ef036f7265ac963af9dd3e8e53d185b3d6675d5515de807b343e31af0193be9
- SSDEEP
  
  192:ETFHjZUJ/lTTNvoMg5XcEUU75dol++Gm15Dq:4DZoTNojh7i5G
Score

1^/10
behavioral15 behavioral16
- Target
  
  русский экстримальный сервер/pawno/libpawnc.dll
- Size
  
  275KB
- MD5
  
  1f3b35dc739f9e6d843cfaa595f320b2
- SHA1
  
  ac37a03427b356e3e4c1c1fe9d1f10f4a6d97f9c
- SHA256
  
  b7a6d406aaad6c6dc6621889a3e5c006755a16e577a46a806df2a85203813b56
- SHA512
  
  549c8b7ee2c4e59220e74053ef0147d35fdf6cb923726956e882c3e5640483e0108c3ccaca96934ce94ee3d387a16f022df86f38dbb6692c6b688ec8fc0734d7
- SSDEEP
  
  6144:DQUATh1kDLdQRUOi6XqXOKcB5B5jriaCvWwApMtye6cEIfUGmpkRQBfcqlu4V2lr:DQUATh1k3dQRUOi6XqXO9/B5jriaCe/E
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  русский экстримальный сервер/pawno/pawnc.dll
- Size
  
  160KB
- MD5
  
  127ce048627abc0c6e599b16334a6f24
- SHA1
  
  ddc099b88460379e0d6dc85b73966b6019b30d8c
- SHA256
  
  62fde5039bd5be38e244900f5ae81567cf1e4d628bf0e9d0e0a6ad675853581c
- SHA512
  
  55f03242c83cf4573d5da3d10112bb6b1ad717bbb02dc8b9f2477cf453c30baa180a5684d2c608dd145715dcc8534675c6f4cc4e4fe2c2a05d079d4c88c2983b
- SSDEEP
  
  3072:OP/bQiOGbQ1PUMA4LK3zIAO6uiDMy4RL89IkkF8xgEhuM:OP/Vt2NLKvnuqMywkk/Eh
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  русский экстримальный сервер/pawno/pawncc.exe
- Size
  
  15KB
- MD5
  
  5b8766d335b25f1a180af10cb736b6ba
- SHA1
  
  83f081d683840f9e9cfb161801d13edbcfd50646
- SHA256
  
  e086cbaeee177c5e56cc3cf124a014f3496297c8d8de0fe17d49468584a9fb3f
- SHA512
  
  25bf21940a7399fbe5709997d5327142d706e5023cd14560b29d65eb1e1dc3526a3432c94b0d711f2affedbfdcb6f3be84af6549a742d0d62832530558f58d2d
- SSDEEP
  
  192:1m58SVl+4smhjTMW6vrkTGeTDT//BWLGeTkGeTGOvs7HlFMMafc:1m58SV04lt6MGevTnYLGeQGeyVHlSMak
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  русский экстримальный сервер/pawno/pawno.exe
- Size
  
  421KB
- MD5
  
  b9fb7dcd6db0eb83d8def923d62c13c1
- SHA1
  
  d137ffb2abf89b3accaabf22ef3be92c3927d3b0
- SHA256
  
  9c8e3d64896e0b5a65e4df7eff46d6d765c8579504d49f5c5b4c7cee230182de
- SHA512
  
  59a64e42446cae4c78f581da3d1ea535c7718f2e064d4ddbb5231f582262694d66578afccf71d73e295194410fc0d7a4123ff87207093e93b1cbacd675e8d21d
- SSDEEP
  
  12288:mTWKYEEF5J87vzLh8aVJSTHZqV5dU79gqV5dU79gqV5dU7k:mzJ45J8DznVJCqV5yWqV5yWqV5yw
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral23 behavioral24
- Target
  
  русский экстримальный сервер/plugins/antiattack.dll
- Size
  
  114KB
- MD5
  
  16c561a7546b4dcb181e16f81504a28c
- SHA1
  
  89d89244762bf7edfc97cb0b9442ac723bda609f
- SHA256
  
  58d5ced6031c703390e3964b8a7d1b4290926987c20ef15d40779b290dc9d83c
- SHA512
  
  a5fe577475c74af1e2fb497e1d0b1df9c22cfc55b788056dd93097949b93f51578575f165aa763b83faeb0fa05455d33be43f11ad9cc566c6a643728e6a964d6
- SSDEEP
  
  1536:G08xF1YJMspdH71KBWMJilKMAv4HtFKA2s0Vl9hgYLxbHSnYM5/6xu4E:G08HadHkWiilwnAHyFbHoV6xu4E
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  русский экстримальный сервер/plugins/antiattack.so
- Size
  
  32KB
- MD5
  
  20a2b540503679b8426de433c376526a
- SHA1
  
  67af601e60b383844971ee3e458a69cb226742ee
- SHA256
  
  ecd679e3d83ebe3f2dca90c69d86357b03543a5209eb5ccd814a8c84e81e25ce
- SHA512
  
  062bc8b55a27c169c6bbf4b4b1c6981e091f9ae8655940d30e04ca6db8323c23010d5b31865ac74954ff8d8b9bb4ccdaf73dc65d70142d8100eb5894811978b8
- SSDEEP
  
  768:2OZ8qxa10k3SH3fTRlHCuDsOueCj3xRo00meX5ABkbQM:jxa10k3SXtbsECzxRN0VpABkbQM
Score

1^/10
behavioral27
- Target
  
  русский экстримальный сервер/plugins/regex.dll
- Size
  
  185KB
- MD5
  
  562b74bde634b638e8807a7c2f7c947a
- SHA1
  
  372637db3ed1bf26d913ae8447faa9d1150b3469
- SHA256
  
  4661447933204a8bcbdd64023ebfce8422c72277813aaaf18a184fc35f5ce5c3
- SHA512
  
  5bdb09359f52403936286630f3efb4b41c72289f38db6bcb345fbb381a5bdc5dd9dd5cd8b50a10fe395b3aecbb8b730bebd7b9d477b07bb3cb68de7647005325
- SSDEEP
  
  3072:moVqWqYURg9h8dCeDOzOEC8ixeRcBskVylhFAlmrCHOtFmiz:hMY19h8dCeDOaFnxeRcBskoFAAGHOtAi
Score

3^/10

discovery
behavioral28 behavioral29
- Target
  
  русский экстримальный сервер/plugins/regex.so
- Size
  
  492KB
- MD5
  
  725fab3337ca01519ede745ddc7df8bd
- SHA1
  
  8cb8ba907bda0377733903566a431627ad74aa88
- SHA256
  
  3c2736f07f3f33ef171e8256e05d4026186c3113c1099eb93f1501c6e94bbeb2
- SHA512
  
  321abf3bd4d101b0d1c224d5c9f716f0088854fd99854b80cdda36ec8e84825aceb263d3aa55948f44b29d074bd085b64c63328ae06a8f685273b30a62656393
- SSDEEP
  
  6144:GVaie3gqUPqJWk8mdGVzvOIfcBAz0PC2r9nDkwL8e9oF1N53yYLu0om9WEF+fPn:hQPvO60PC2rNkwL8e9oF1N53rIn
Score

1^/10
behavioral30
- Target
  
  русский экстримальный сервер/plugins/streamer.dll
- Size
  
  235KB
- MD5
  
  7477d1fa17cc49434d3f2535758d3953
- SHA1
  
  2873741669e06720718b4c05cc9512b36938100a
- SHA256
  
  e1ebb301bb05859d6aedde494c2fe7e102df0c79e1b9a575d8dee8fa0296cc6f
- SHA512
  
  60d95b90e90fa031121216e04df81e5a0b816fe49ac58712c21a3a7ed02ee75236ce98c572149d3bde2a67ac02138a010df50c83b0ae8ab3be68feca53190ca9
- SSDEEP
  
  3072:HPmx4ysuRVx9nVvPdhx6nIHQEPCYTbGyZTwKZUR7HGANOrP1zwnrOZqzxF+VC:v6DswlPD8IC8UR7mAcP1zwrOZqu
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detect Neshta payload

Modifies system executable filetype association

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32