neshta | b3c4140104b09723a786c120c921b9e46d7b50be5fb0bd4afa7bbb23069948de | Triage

Submit
Reports

Overview

overview

Static

static

NL Brute.exe

windows7-x64

NL Brute.exe

windows10-2004-x64

NL Brute.exe

windows10-ltsc 2021-x64

NL Brute.exe

windows11-21h2-x64

Sharing

General

Target

NL Brute.exe
Size

7.8MB
Sample

241108-fme9ysvpes
MD5

aa7a175b442aa64c84fb306979a4320b
SHA1

a7cd106acbc7675337977f55387b92145190eb1c
SHA256

b3c4140104b09723a786c120c921b9e46d7b50be5fb0bd4afa7bbb23069948de
SHA512

bab9d021d7d1efb24298cb66f29d1d2b716a8ea24e44891cc01a1a3249cf32bfdf1688cac70e33f336c2e70b967ae3e22f3855c9dafdeb2d1f67e6e98adb4295
SSDEEP

196608:CfP0p8Y4DFbBJ5dIa82Vou2j09a3XAydVdODHMD16UAsdf6:CO8YwFV/dIa8wp2j09qXAyYDHMDYrsdi

Score

10^/10

neshta discovery evasion persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

NL Brute.exe

Resource

win7-20240708-en

neshta discovery evasion persistence spyware

windows7-x64

17 signatures

60 seconds

Behavioral task

behavioral2

Sample

NL Brute.exe

Resource

win10v2004-20241007-en

neshta discovery evasion persistence spyware stealer

windows10-2004-x64

21 signatures

60 seconds

Behavioral task

behavioral3

Sample

NL Brute.exe

Resource

win10ltsc2021-20241023-en

neshta discovery evasion persistence spyware stealer

windows10-ltsc 2021-x64

21 signatures

60 seconds

Behavioral task

behavioral4

Sample

NL Brute.exe

Resource

win11-20241007-en

neshta discovery evasion persistence spyware stealer

windows11-21h2-x64

20 signatures

60 seconds

Malware Config

Targets

- Target
  
  NL Brute.exe
- Size
  
  7.8MB
- MD5
  
  aa7a175b442aa64c84fb306979a4320b
- SHA1
  
  a7cd106acbc7675337977f55387b92145190eb1c
- SHA256
  
  b3c4140104b09723a786c120c921b9e46d7b50be5fb0bd4afa7bbb23069948de
- SHA512
  
  bab9d021d7d1efb24298cb66f29d1d2b716a8ea24e44891cc01a1a3249cf32bfdf1688cac70e33f336c2e70b967ae3e22f3855c9dafdeb2d1f67e6e98adb4295
- SSDEEP
  
  196608:CfP0p8Y4DFbBJ5dIa82Vou2j09a3XAydVdODHMD16UAsdf6:CO8YwFV/dIa8wp2j09qXAyYDHMDYrsdi
Score

10^/10

neshta discovery evasion persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoveryevasionpersistencespyware

behavioral2

neshtadiscoveryevasionpersistencespywarestealer

behavioral3

neshtadiscoveryevasionpersistencespywarestealer

behavioral4

neshtadiscoveryevasionpersistencespywarestealer

© 2018-2024

Terms | Privacy