neshta | 490022706b76b904dfe979627f775cc2be0cd6a10ae623989cf2118026a21bea | Triage

Sharing

General

Target

PaymentAdvice-1629043.vbs
Size

2.3MB
Sample

241204-pw1fxswjat
MD5

9d7aa394cb39af2a434eb3036a35bb47
SHA1

bfcb9a3f1dcbcfce2f66f4c5c0e8dbada27dbd9f
SHA256

490022706b76b904dfe979627f775cc2be0cd6a10ae623989cf2118026a21bea
SHA512

3b2da959a16b915d52ceadb8336fc5478e7d579a38cf59fe34f15744a0017ea9907bf5b62b4670ea123b223a0af7f3e96ab03d132055a1afd8e6983a4f856033
SSDEEP

24576:dGPQzVpL6fvkC6MugzlGbhhkg6XCoCK86uTK6ClN3Br6kXIEHIQCobtMvQ8rAOSP:dGcJXxTqb38jR/4RzGfFVvC

Score

10^/10

neshta discovery persistence spyware

Malware Config

Targets

- Target
  
  PaymentAdvice-1629043.vbs
- Size
  
  2.3MB
- MD5
  
  9d7aa394cb39af2a434eb3036a35bb47
- SHA1
  
  bfcb9a3f1dcbcfce2f66f4c5c0e8dbada27dbd9f
- SHA256
  
  490022706b76b904dfe979627f775cc2be0cd6a10ae623989cf2118026a21bea
- SHA512
  
  3b2da959a16b915d52ceadb8336fc5478e7d579a38cf59fe34f15744a0017ea9907bf5b62b4670ea123b223a0af7f3e96ab03d132055a1afd8e6983a4f856033
- SSDEEP
  
  24576:dGPQzVpL6fvkC6MugzlGbhhkg6XCoCK86uTK6ClN3Br6kXIEHIQCobtMvQ8rAOSP:dGcJXxTqb38jR/4RzGfFVvC
Score

10^/10

discovery neshta persistence spyware
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

neshtadiscoverypersistencespyware