neshta | 4fc9500405b88fd85f73ad7c28aaef1f3db4f4f022d4d00fddc7bfc82a34e6b6 | Triage

Sharing

General

Target

4fc9500405b88fd85f73ad7c28aaef1f3db4f4f022d4d00fddc7bfc82a34e6b6N.exe
Size

520KB
Sample

241225-3nca1s1nfz
MD5

353a0b3789b3b0001ba7736e2f3b7c70
SHA1

84d1dc9b46611f1766cf104d6adfd4130fe423de
SHA256

4fc9500405b88fd85f73ad7c28aaef1f3db4f4f022d4d00fddc7bfc82a34e6b6
SHA512

1a24e3276519905971e8a8d7a02a48858772b4cca5f3cae96b62ad2e3cc8a3b7657f5bb9fe367bc868dba7b8dd860e1b6ae1924795ed20b9ea0894169a55a8ba
SSDEEP

3072:zr8WDrCNeFgma30T7yw9Inoe7HOjg4Sk5ksw2jUK:PuN0gma30T7yIbeajg4lkswgUK

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  4fc9500405b88fd85f73ad7c28aaef1f3db4f4f022d4d00fddc7bfc82a34e6b6N.exe
- Size
  
  520KB
- MD5
  
  353a0b3789b3b0001ba7736e2f3b7c70
- SHA1
  
  84d1dc9b46611f1766cf104d6adfd4130fe423de
- SHA256
  
  4fc9500405b88fd85f73ad7c28aaef1f3db4f4f022d4d00fddc7bfc82a34e6b6
- SHA512
  
  1a24e3276519905971e8a8d7a02a48858772b4cca5f3cae96b62ad2e3cc8a3b7657f5bb9fe367bc868dba7b8dd860e1b6ae1924795ed20b9ea0894169a55a8ba
- SSDEEP
  
  3072:zr8WDrCNeFgma30T7yw9Inoe7HOjg4Sk5ksw2jUK:PuN0gma30T7yIbeajg4lkswgUK
Score

10^/10

neshta discovery persistence spyware stealer
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer