neshta | c9337c8f48fc7af88debacd0e9ec24bb2c018f073d4d8f70214667ec66184cb1 | Triage

Submit
Reports

Overview

overview

Static

static

c9337c8f48...1N.exe

windows7-x64

c9337c8f48...1N.exe

windows10-2004-x64

Sharing

General

Target

c9337c8f48fc7af88debacd0e9ec24bb2c018f073d4d8f70214667ec66184cb1N.exe
Size

125KB
Sample

241128-dtxfpssrfz
MD5

c62efb3a6a6f420fba02c4c68102ec20
SHA1

b0ced797fe884f230d0694b1525022c8bd6adf5c
SHA256

c9337c8f48fc7af88debacd0e9ec24bb2c018f073d4d8f70214667ec66184cb1
SHA512

b82ad6ea8a0d33c418d8a778689b8dadcb69756f2261aed4b5da840343a534b01905df1d47a7c248b0cc508b72a0da7c68f050fe8e48ea11905c39d5d32dcb77
SSDEEP

1536:JxqjQ+P04wsmJCTWfcsiorZD0IqOU8rqvdHnw8RSijDtSA5xeZ0DbBCc0+:sr85CykxoVRrU8rUHwDijpS4DbYc0+

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

c9337c8f48fc7af88debacd0e9ec24bb2c018f073d4d8f70214667ec66184cb1N.exe

Resource

win7-20240903-en

neshta discovery persistence spyware stealer

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

c9337c8f48fc7af88debacd0e9ec24bb2c018f073d4d8f70214667ec66184cb1N.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  c9337c8f48fc7af88debacd0e9ec24bb2c018f073d4d8f70214667ec66184cb1N.exe
- Size
  
  125KB
- MD5
  
  c62efb3a6a6f420fba02c4c68102ec20
- SHA1
  
  b0ced797fe884f230d0694b1525022c8bd6adf5c
- SHA256
  
  c9337c8f48fc7af88debacd0e9ec24bb2c018f073d4d8f70214667ec66184cb1
- SHA512
  
  b82ad6ea8a0d33c418d8a778689b8dadcb69756f2261aed4b5da840343a534b01905df1d47a7c248b0cc508b72a0da7c68f050fe8e48ea11905c39d5d32dcb77
- SSDEEP
  
  1536:JxqjQ+P04wsmJCTWfcsiorZD0IqOU8rqvdHnw8RSijDtSA5xeZ0DbBCc0+:sr85CykxoVRrU8rUHwDijpS4DbYc0+
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy