neshta | 6d920d3eb3446899f430236b1e331910ff6638bee36fba49e9e77f292520b124 | Triage

Sharing

General

Target

PaymentAdvice-1629043.zip
Size

1.7MB
Sample

241204-lx95zaskdy
MD5

a0f079433f23f2e0076c3519a3a89a98
SHA1

6a1ae3c8b2beacd17249247914ce0c89bb6457de
SHA256

6d920d3eb3446899f430236b1e331910ff6638bee36fba49e9e77f292520b124
SHA512

3079a6fbe07c8731cf44f6a1c18ce45cfa1832ae9170b498873a928654a7f159b9f8fa832a6bbd61f3f0dbccebf5d9da59684b0014e361732376a75086673329
SSDEEP

49152:aYR4JFvrFdjOzLVPcXx9whCAdTEA2JdaUjpu:xR4DxUzL6B9whCwTElJdtw

Score

10^/10

neshta discovery persistence spyware

Malware Config

Targets

- Target
  
  PaymentAdvice-1629043.vbs
- Size
  
  2.3MB
- MD5
  
  9d7aa394cb39af2a434eb3036a35bb47
- SHA1
  
  bfcb9a3f1dcbcfce2f66f4c5c0e8dbada27dbd9f
- SHA256
  
  490022706b76b904dfe979627f775cc2be0cd6a10ae623989cf2118026a21bea
- SHA512
  
  3b2da959a16b915d52ceadb8336fc5478e7d579a38cf59fe34f15744a0017ea9907bf5b62b4670ea123b223a0af7f3e96ab03d132055a1afd8e6983a4f856033
- SSDEEP
  
  24576:dGPQzVpL6fvkC6MugzlGbhhkg6XCoCK86uTK6ClN3Br6kXIEHIQCobtMvQ8rAOSP:dGcJXxTqb38jR/4RzGfFVvC
Score

10^/10

discovery neshta persistence spyware
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

neshtadiscoverypersistencespyware