neshta

Sharing

Copy URL

Twitter E-mail

General

Target

XSSLiteStealer.zip
Size

85.1MB
Sample

241220-1llessvkcw
MD5

c11ab323289928f5c675f1512f84842e
SHA1

dd837ab21971f35ae1175f8bc1a662b91126f5db
SHA256

90d015b08c37c5a9e9f42ada10ec29a5d34d5d6e63373eb5da9e5af6b485e688
SHA512

9b781f7a68708fc89432cfbbc7607ee4c74b17b1b3c5fa3addd41a0d057bac20f492307f1446803e1bc0b1944acb1aab95c018d73ef2f374f33d3c0c6453746d
SSDEEP

1572864:jwjvbuLAGSQPnwT25zin9KPzOsGaHDRfKZGD9K9uBukxk4Y+xRV5+aYPZ:jwL9GSq7in9KPzOsGaH0uBukVY+xRVkJ

Score

10^/10

Malware Config

Targets

- Target
  
  DefenderControl.exe
- Size
  
  823KB
- MD5
  
  879e3d30cc1392370ab0eec1601aa1b6
- SHA1
  
  c85e5eb120d860b0a67e3f091d5e7c29a7643bfd
- SHA256
  
  704ebc20fe0c7678a2b73d97ba6ad2945ece3a7d35ba0e0a394b629570af00ca
- SHA512
  
  71a5987a9f2fde213992be76865c0d57a4113027adf53aa515eaaa42c8f02e895297795a3c02f60ff837dcd045fa072814567ea1b65257c8006a0aa5f3e7bd44
- SSDEEP
  
  12288:g1OgLdaiqSqzU7rOv/O6/NH90u9KIyburq6fAdAYmyX:g1OYdaaIO6/LXEYr8dAByX
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Software Usage Tutorial/DefenderControl.exe
- Size
  
  863KB
- MD5
  
  8d12786d8e9477b36557a4c1e35bbb09
- SHA1
  
  a26c718f62b8b6729a16e35a7b68afee101903c6
- SHA256
  
  4f9a3f74fb2cfa5b9e3cb5f00de44e28a44695ab7244900db2eaa9efc494f06a
- SHA512
  
  232a440f8946e6993f3acc57766f50c2bade37b3dc95f0bbbdaf284b169baf258d92a896d7f9df5ae7f889091772b27b856d93f5db64edbea619e03fa159732e
- SSDEEP
  
  12288:jiqSqzU7rOv/O6/NH90u9KIyburq6fAdAYmyy1OgLdw:jaIO6/LXEYr8dAByy1OYdw
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4
- Target
  
  Software Usage Tutorial/Software Usage Tutorial.html
- Size
  
  7KB
- MD5
  
  403dacd0bcf0da63ac2ac682039a7f5b
- SHA1
  
  147c374ee4184752556f03cd31b98e343892014c
- SHA256
  
  85e6e28f777587fe4f0d85bacffd90dcb1047c8b0e1851b43d8bc6d6ede37d7d
- SHA512
  
  a19f28339122e019c68d0a302f9b53a8def7e795f681c440aba04616d354ca9eafe4d1b3baa6567179f166ec9b501113332da5940076cda5261c2314c6bdbaa7
- SSDEEP
  
  192:krNeVyhwQLJF2/BZsUMdQ6PbbcUqphd96foL8yo9QQplNR7AJk7IQgHahLKIkPD3:krNeVyhBLJFwBZxMOePhqphd96w4yo9a
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Telegram Channel.lnk
- Size
  
  1KB
- MD5
  
  4e0880288ad4607823df224723cd5c3c
- SHA1
  
  ca7a9cbbb1c5a2af44102a45c578b4e10601873e
- SHA256
  
  aeede2993a3dd6053b6bcb19fe3ad1fbb9b69fc54b5aef79ef58b279f558346f
- SHA512
  
  85d82b3be13368dd254fc967793813b4eb6c4b89bd21bebb27f68cf12d06dc1ae6335ec113650c30d8e6904f54163f7bc78746b1505b7494d9e220bd7d7e2d91
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7 behavioral8
- Target
  
  XSSLite Stealer/Client/Client/Grabber/Grabber.cs
- Size
  
  12KB
- MD5
  
  de412f286c65eaf43f1075b76fcf0e9e
- SHA1
  
  d6a99b7493e307da565fec1adb0b91e49bbe6086
- SHA256
  
  d67bda9b636a46e6ab86a96ebe07c63502d2501c8199438fd8cd9cc983792d9b
- SHA512
  
  3308cc741aa18cc4bec08e5be63bb82e21cb5e462759eb10601fc7a4b218b5c45cf1ba723fb94f4fe0f34265cc9c574076f399ebe2e174937590de6254b23861
- SSDEEP
  
  192:9cQm0PpUu7AZSuVkTzes9ayoTMCopxklhJyJozWi/o:9cX0OVZSMues98TMCrhip
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  XSSLite Stealer/Client/Client/Grabber/Wallets.cs
- Size
  
  2KB
- MD5
  
  24858208384f2d274bb1fbd767dff89b
- SHA1
  
  c20567fd0c094edef42694622e312eb881503f3d
- SHA256
  
  156d6b65c8457675fb19b0db146de52e0a059dc32907ce7e58452b12ce9063b1
- SHA512
  
  df70400eac174b027e68aee4aa35bceb74c9dc6064a8c9901efaf9c490e800af98c82e8b5d71d70a452301dc3c3e967b50b9e04a6ac64a7ebc77359c9b8ea088
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  XSSLite Stealer/Client/Client/Program.cs
- Size
  
  4KB
- MD5
  
  d75562856b6fd3474e6d9d76e820027e
- SHA1
  
  69930ff9ff36ed5d7d0c3c8cb1ebb0d2de84c75b
- SHA256
  
  41e0dd490ab6b05d58d803549da4b76ebbd3cff0f52662016e3434002eef6341
- SHA512
  
  ca16ad68266e64a323a294817d7ca4abb0d8bbe4b4329007c362d182c8f1be640acbc8a9a773c1802252cacbfc2a98a24c88e9c2f4688bf2eff3d0f23e1ae24c
- SSDEEP
  
  48:C9oUzzXA3VGZn8CjJwq2WkPT2qc2GkwutcEEwxJUnqt9O10XKV0RW2pts:SoUzzX2VO8CFkKbQW+xJUq0P0RBs
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  XSSLite Stealer/Client/Client/Protection.cs
- Size
  
  1KB
- MD5
  
  94cdb0f894ac396431ab4d169af28eb6
- SHA1
  
  420a361e0b5037416dc279b31d252aed092a7428
- SHA256
  
  4c97acd3539e693c35579a44f829be7d30acce14c84f600a99e66572d2e84008
- SHA512
  
  63f35ae42e5055b65df3e61a621dfd21a87c282c4240d292ee60ab06157b8e9f2eae6461eff7e6fd0e06b36f45790e0c926a45df8fe66390a7c1a55ff524a030
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/lib/netstandard1.0/Costura.dll
- Size
  
  4KB
- MD5
  
  501981c7fc457d59238eb99780efb615
- SHA1
  
  f1f25c01f6acf33bdd62c4f82d3ef078e76f0906
- SHA256
  
  41bb464ac7c0d192641077e44a59d7d89860c3c620a59961f2fc4a4be47deae3
- SHA512
  
  5921d0662add6c8aa075106878cc56335ccbf059d8bc7f359fe9e02a52ec657c3e5df1c718929564c09f205e4bd299b086f3e7424141f5e55ed0d756f65ee1e8
- SSDEEP
  
  48:6F+lni2qJfjVRPGwzCo4MhTN0KDdilETrVsH4/QWk1qyFVT2IbG:7g7KedGEiYIWM2
Score

1^/10
behavioral17 behavioral18
- Target
  
  XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/netclassicweaver/Costura.Fody.dll
- Size
  
  193KB
- MD5
  
  d6ef4e35f96629ba9f9176cfc4d93b38
- SHA1
  
  2adee63def25e2a5993ea793180634a1d2946fd7
- SHA256
  
  f925017acb08ca6f8e99cd28cd6140c153efe5b241111de36b8b917a302794fa
- SHA512
  
  d7abb5932d7b0521816137c946a80400cf573a5047c440b9a78c4670b6926e7ae130608e6b2fa0b5e65478bf986d0e089168a80e13770a0bf91ea7a5529dd715
- SSDEEP
  
  3072:y+bjLBzNAiYBnAjJuCxp8kvyUUs38lsDJ5Qt/Dxk4HA7lmmVtGzGzxnzmoMi:y+bjdzNA64DlAX2zGzpzm
Score

1^/10
behavioral19 behavioral20
- Target
  
  XSSLite Stealer/Client/packages/Costura.Fody.5.7.0/netstandardweaver/Costura.Fody.dll
- Size
  
  196KB
- MD5
  
  cc6fe95d22242e0eaecc751647bb58af
- SHA1
  
  1aaa019f088fdd20862f97217bd347331b5bd714
- SHA256
  
  f8d0bbf51d54411c96b26fcee9a60d73b1170c40acb5586c9112f5bee6a23acc
- SHA512
  
  7e6df47eef146a9a87633ba6183121e1fffd1c3e330a2cc22bb0d915d54e162d589b8250ce867c3002fd49668f704adc0cb465afd8deed1efe7710b6e7eaacec
- SSDEEP
  
  3072:t+b5zlAkYBmrJuCxp8kvyUUs38lsDJ5Qt/Dxk4HA7lmmVtGzGzeIq5zhou:t+b5zlAS4DlAX2zGz1qla
Score

1^/10
behavioral21 behavioral22
- Target
  
  XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/Fody.dll
- Size
  
  58KB
- MD5
  
  7dda117ba4a540765add988d4d703962
- SHA1
  
  a493920aabd59e97e675cd6da0d75100d61be12b
- SHA256
  
  b545aa2bb6b33809dea72a2262a0f403d87a05899d5bbd49727ef5b5b8a962e6
- SHA512
  
  b425cde90bf5bc3d2d816f683bb3a9a6d3c352d1615157db7824734a85ff74c33e561d143a7286cdd450b6e3ad647a11eb77ba314ccecbbccb209ada44822807
- SSDEEP
  
  1536:IMUQOggWoGnvMndHuu+VYZ8EiQRDrE+LWDMoe77NhU:IMUZGQVr7mMomNhU
Score

1^/10
behavioral23 behavioral24
- Target
  
  XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyCommon.dll
- Size
  
  16KB
- MD5
  
  092f6306105fc05fa41df80716e2e75e
- SHA1
  
  13d0830daf46109c072f511dc6eb9e582c87f92d
- SHA256
  
  868d483397b2d755c8685de03b76b143f590625ecaad169a575ab91afd1f3e2d
- SHA512
  
  3f58ccaa5a205156979debfdcfda3c991f28e1c6013823d048d7a7d0d822f2fff23d180b7083b89f2ef9877590daf29faf8f02d33b5b9dcb963bbb572a2f442e
- SSDEEP
  
  192:kzoOKhlMEblgkmjKGQ3N8LcY0INjE7+A+Zw1jsTPFArFbuiSGglbX9NVPZnPCX7o:L1lgkmji3N890IPwWTUglJNVq5Qh
Score

1^/10
behavioral25 behavioral26
- Target
  
  XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyHelpers.dll
- Size
  
  50KB
- MD5
  
  ebce73d9cc1a6cab8fddc3cede584908
- SHA1
  
  ad2c9ef51bc8b1ad166178bd3cb275e4a130fe6c
- SHA256
  
  7569aacb337116514039b35226f46d0e02672c91861f7daf6cc19923b7529556
- SHA512
  
  ddebb98e5562c511eda28ffdcaa7316cc00505de35d3ca441e68326ae9792e0410fbb2dec9560ff5847e8e2352e97ad5c00e8c24375a3dc60fd6afa7b06eb271
- SSDEEP
  
  768:QToWZwKWMC/vVbfOxF0ajPVqZ6lYThQRP8DPkPEgf8ZDlRT:QTEpM8AZVk6lTjtapRT
Score

1^/10
behavioral27 behavioral28
- Target
  
  XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/FodyIsolated.dll
- Size
  
  41KB
- MD5
  
  48baf2c072c156438c77885e6c67c20c
- SHA1
  
  547af9da0e25a01b801d544ca3dad80ee6c5cca1
- SHA256
  
  3eeac2f97aed60bcd68cda1e7ff58cbec7ac63390901faeb2e14b6085a80bbae
- SHA512
  
  c0d350d5667ee40da09d594ebba4e4e0611e6f6317ce7fcbf5f192df733c65181d3ff650993a216909acf3259a054e4972af30a6b1f57e6b21adcd81a19e1b4f
- SSDEEP
  
  384:KfPU9AmZhPuGTWmAcrzl5h70Qil8nroh8PuBPOf+rMSguIBkjvM1k/r+MpCNRJUc:UmZVu2DFeOKppkRJU+UWE1qvv9A4fN
Score

1^/10
behavioral29 behavioral30
- Target
  
  XSSLite Stealer/Client/packages/Fody.6.8.0/netclassictask/Mono.Cecil.Pdb.dll
- Size
  
  87KB
- MD5
  
  bdfe84812d447cf67dc0f9b5f7b3cda8
- SHA1
  
  43de7a2e4f9b6e81d91cf6b56c2ef6e9d562649e
- SHA256
  
  25d1f19121dd780de3c8ac357a5436f7c59e3e63e2dd1d262a02092f5c371dff
- SHA512
  
  749eade2e98b27ef828178e52f50cefc8f88eb0a3e8049d6fa9460fcf3a9591b9d5eeec1abbf2e923ff4852b4ab2fb9c5f065840c921895359df4fe7ce574851
- SSDEEP
  
  1536:BfCEVETXo3f+yAvaDvNaPS/vSC6G+ALYKXgAJGsZAEcbxvjCXe6:9uiQPwvH6bArVJGXE+xveXe6
Score

1^/10
behavioral31 behavioral32