neshta | be5984a2f035ac72c79005d5870e42d73ab4ac0201562d90ed1faef865026fac | Triage

Submit
Reports

Overview

overview

Static

static

be5984a2f0...ac.exe

windows7-x64

be5984a2f0...ac.exe

windows10-2004-x64

Sharing

General

Target

be5984a2f035ac72c79005d5870e42d73ab4ac0201562d90ed1faef865026fac.exe
Size

203KB
Sample

241127-vckt1sxrgl
MD5

fd58423666efdd6ff015ecacfbc738fc
SHA1

ccde6588b8d19dc4dc2cc9f27117daf818f622fa
SHA256

be5984a2f035ac72c79005d5870e42d73ab4ac0201562d90ed1faef865026fac
SHA512

b9705b8258eb1ed3a703e145c537319f9bd7d4e0d5737a5fd038f5e25762e7ea5730455aefd4fbd5d56e8f883ab3d019aed0b38dc006603b9f8f7947ccf93f77
SSDEEP

3072:sr85CRAQUtm3XC99BqHUtm3XC99BqFr85C+:k9RAvmHqZmHqW9+

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

be5984a2f035ac72c79005d5870e42d73ab4ac0201562d90ed1faef865026fac.exe

Resource

win7-20241010-en

neshta discovery persistence spyware stealer

windows7-x64

11 signatures

120 seconds

Behavioral task

behavioral2

Sample

be5984a2f035ac72c79005d5870e42d73ab4ac0201562d90ed1faef865026fac.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  be5984a2f035ac72c79005d5870e42d73ab4ac0201562d90ed1faef865026fac.exe
- Size
  
  203KB
- MD5
  
  fd58423666efdd6ff015ecacfbc738fc
- SHA1
  
  ccde6588b8d19dc4dc2cc9f27117daf818f622fa
- SHA256
  
  be5984a2f035ac72c79005d5870e42d73ab4ac0201562d90ed1faef865026fac
- SHA512
  
  b9705b8258eb1ed3a703e145c537319f9bd7d4e0d5737a5fd038f5e25762e7ea5730455aefd4fbd5d56e8f883ab3d019aed0b38dc006603b9f8f7947ccf93f77
- SSDEEP
  
  3072:sr85CRAQUtm3XC99BqHUtm3XC99BqFr85C+:k9RAvmHqZmHqW9+
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy