neshta | 101580f357d05a637f15eeab3a11c713a7e19d223209b443ce5d4e62346e2869 | Triage

Submit
Reports

Overview

overview

Static

static

101580F357...69.exe

windows11-21h2-x64

Sharing

General

Target

101580F357D05A637F15EEAB3A11C713A7E19D223209B443CE5D4E62346E2869.exe
Size

339KB
Sample

241204-qef7dswmhv
MD5

0f180f02493efbe8cd819fd0fb1ee77f
SHA1

7f782ab25143951dab6b8fe17682633d42bca6da
SHA256

101580f357d05a637f15eeab3a11c713a7e19d223209b443ce5d4e62346e2869
SHA512

bab000b0b136a8b837e2b4ef7d57e937e9139669ed117e7c9a273fa28a484d2bf88085739c1a32f8c0be9ffee3c46b719ef3e41e869a81774f78d374d1017cf0
SSDEEP

1536:JxqjQ+P04wsmJCFFHrVKZUmQoRodBOv8pVfnBnPC1N0VkiSXI0069F4TpZRgP7Z2:sr85CHMZ8fnBgWa6vTpZRyt9OvX

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

101580F357D05A637F15EEAB3A11C713A7E19D223209B443CE5D4E62346E2869.exe

Resource

win11-20241007-it

neshta discovery persistence spyware stealer

windows11-21h2-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  101580F357D05A637F15EEAB3A11C713A7E19D223209B443CE5D4E62346E2869.exe
- Size
  
  339KB
- MD5
  
  0f180f02493efbe8cd819fd0fb1ee77f
- SHA1
  
  7f782ab25143951dab6b8fe17682633d42bca6da
- SHA256
  
  101580f357d05a637f15eeab3a11c713a7e19d223209b443ce5d4e62346e2869
- SHA512
  
  bab000b0b136a8b837e2b4ef7d57e937e9139669ed117e7c9a273fa28a484d2bf88085739c1a32f8c0be9ffee3c46b719ef3e41e869a81774f78d374d1017cf0
- SSDEEP
  
  1536:JxqjQ+P04wsmJCFFHrVKZUmQoRodBOv8pVfnBnPC1N0VkiSXI0069F4TpZRgP7Z2:sr85CHMZ8fnBgWa6vTpZRyt9OvX
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Executes dropped EXE
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy