neshta | 89081c9fa88141509a81344fc4138c4226a902334f74068868170d5e92fa8f50 | Triage

Sharing

General

Target

b94adfdc4c0e067022ff40c56253e8cf_JaffaCakes118
Size

135KB
Sample

241202-vn81zstle1
MD5

b94adfdc4c0e067022ff40c56253e8cf
SHA1

b81b63e3070b46e31c650a22c02a3984e8568fe9
SHA256

89081c9fa88141509a81344fc4138c4226a902334f74068868170d5e92fa8f50
SHA512

e5ac579902b5b785cd761d8b5787659ada3b6f1e3d6400559919eb2373147e0a7708041455518ee42305a88828b74612f16c8a41f056b594731f639f865cdb51
SSDEEP

3072:zr8WDrCBzPLwtoZdMXRgZ61BTb83UHzfgp77OpRgDR4l7ouC77oxJJ:PuBzPLwtoZdMXRgZ2b83UHzfgp/OpRG0

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  b94adfdc4c0e067022ff40c56253e8cf_JaffaCakes118
- Size
  
  135KB
- MD5
  
  b94adfdc4c0e067022ff40c56253e8cf
- SHA1
  
  b81b63e3070b46e31c650a22c02a3984e8568fe9
- SHA256
  
  89081c9fa88141509a81344fc4138c4226a902334f74068868170d5e92fa8f50
- SHA512
  
  e5ac579902b5b785cd761d8b5787659ada3b6f1e3d6400559919eb2373147e0a7708041455518ee42305a88828b74612f16c8a41f056b594731f639f865cdb51
- SSDEEP
  
  3072:zr8WDrCBzPLwtoZdMXRgZ61BTb83UHzfgp77OpRgDR4l7ouC77oxJJ:PuBzPLwtoZdMXRgZ2b83UHzfgp/OpRG0
Score

10^/10

neshta discovery persistence spyware stealer
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer