neshta | 4f8fe07cc7211c840825aceecfb3b146ecf70a6fe36b0263ccf53e3baec306ea | Triage

Sharing

General

Target

4f8fe07cc7211c840825aceecfb3b146ecf70a6fe36b0263ccf53e3baec306eaN.exe
Size

663KB
Sample

241202-rtvtrsxndv
MD5

58c3d937a84b87984456c0b64d5fa360
SHA1

b23df3b3341a81630afbeb5f12be62698234ddc2
SHA256

4f8fe07cc7211c840825aceecfb3b146ecf70a6fe36b0263ccf53e3baec306ea
SHA512

122a52627f8dcdbeb038529a87e8cccb615a1f25d0ccb351adceb0f65f8fdb919d105ddc1b649e80b815f71a60d122a6fa4f37614ca70a57c246e64bdd8efdeb
SSDEEP

12288:vKECJXdST8+ZVwnJX+oajGbx5GfjbDm5CjuQJz98g:vKECvST8+ZVwne6bxODmpKOg

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  4f8fe07cc7211c840825aceecfb3b146ecf70a6fe36b0263ccf53e3baec306eaN.exe
- Size
  
  663KB
- MD5
  
  58c3d937a84b87984456c0b64d5fa360
- SHA1
  
  b23df3b3341a81630afbeb5f12be62698234ddc2
- SHA256
  
  4f8fe07cc7211c840825aceecfb3b146ecf70a6fe36b0263ccf53e3baec306ea
- SHA512
  
  122a52627f8dcdbeb038529a87e8cccb615a1f25d0ccb351adceb0f65f8fdb919d105ddc1b649e80b815f71a60d122a6fa4f37614ca70a57c246e64bdd8efdeb
- SSDEEP
  
  12288:vKECJXdST8+ZVwnJX+oajGbx5GfjbDm5CjuQJz98g:vKECvST8+ZVwne6bxODmpKOg
Score

10^/10

neshta discovery persistence spyware stealer
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer