neshta | 520e6de27a9f414a124beb79e0e6ec03282cc4bac7af6804cd9d7f59ad55e8fe | Triage

Sharing

General

Target

520e6de27a9f414a124beb79e0e6ec03282cc4bac7af6804cd9d7f59ad55e8fe.exe
Size

459KB
Sample

241219-lrl6yszlfk
MD5

453d7e1840a5a725bac9d7726563b767
SHA1

1859dfced81aefffebeaa6d54ac406130aaab80c
SHA256

520e6de27a9f414a124beb79e0e6ec03282cc4bac7af6804cd9d7f59ad55e8fe
SHA512

82dbca444776e97376197ec8a649fb57f9a80ee4cff2d25a8cb13a8e5c2082ab7238e08372d084a75a378ea0bac40190c6eb66452e872f0164d013816712c03c
SSDEEP

6144:k9SBOt5NA4ojPaSu5FM8GJpD6jNW3pEn7wnLcycPOAOfb9MNujlwVg:3B05+4Fn5FM8GJF6jNW+POIXVg

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  520e6de27a9f414a124beb79e0e6ec03282cc4bac7af6804cd9d7f59ad55e8fe.exe
- Size
  
  459KB
- MD5
  
  453d7e1840a5a725bac9d7726563b767
- SHA1
  
  1859dfced81aefffebeaa6d54ac406130aaab80c
- SHA256
  
  520e6de27a9f414a124beb79e0e6ec03282cc4bac7af6804cd9d7f59ad55e8fe
- SHA512
  
  82dbca444776e97376197ec8a649fb57f9a80ee4cff2d25a8cb13a8e5c2082ab7238e08372d084a75a378ea0bac40190c6eb66452e872f0164d013816712c03c
- SSDEEP
  
  6144:k9SBOt5NA4ojPaSu5FM8GJpD6jNW3pEn7wnLcycPOAOfb9MNujlwVg:3B05+4Fn5FM8GJF6jNW+POIXVg
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer