neshta | 18d42fb654502e7602aa0b5cb8a80442dee37ce6cae5bc08b913398c39c6d35a | Triage

Submit
Reports

Overview

overview

Static

static

028343f7cf...e8.exe

windows7-x64

028343f7cf...e8.exe

windows10-2004-x64

Sharing

General

Target

028343f7cf9_electornic_20542648826.zip
Size

133KB
Sample

241226-25jkzsvjhn
MD5

1eeca591fcf00ee6a05a7f75a6343753
SHA1

db1a0783586d03f346854b7c9da9029a3bed35e1
SHA256

18d42fb654502e7602aa0b5cb8a80442dee37ce6cae5bc08b913398c39c6d35a
SHA512

5dcb8b4b1054ee3b7f15ac262481efd183f11b4735e20c5ede1942e9ff9f238cd6f041dc6f955485160490840060fc3d86b08f419be227528a7d64cf6811d771
SSDEEP

1536:RiWe38B4bqem3/N2efF6NPSo+GY/mP/YhELarTrE8Dvb6LdPl/bOUEhcU6hBlXM7:8qeupYNKQOmP/488DvCt4cARxxai

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

028343f7cf9661471bdf9b9a6923797a963211f91edf4678bf66c52aca7838e8.exe

Resource

win7-20240903-en

neshta discovery persistence spyware stealer

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

028343f7cf9661471bdf9b9a6923797a963211f91edf4678bf66c52aca7838e8.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

13 signatures

300 seconds

Malware Config

Targets

- Target
  
  028343f7cf9661471bdf9b9a6923797a963211f91edf4678bf66c52aca7838e8
- Size
  
  391KB
- MD5
  
  bc1235b936dea3cf19830d6d6fb39594
- SHA1
  
  d51a0c9489c5a7117decd98f06c03d99d9f2e009
- SHA256
  
  028343f7cf9661471bdf9b9a6923797a963211f91edf4678bf66c52aca7838e8
- SHA512
  
  4b02aec7f2b2a0752335c647a31fa44d2e6e5557bffc6894520ed37247f47ee80aa5a6da070d2cea8c7cf0e980abaf7a81c6cb2d78e5ddd92f1176118362a59b
- SSDEEP
  
  6144:k9t/B5fpRr3TmiTVVmVVV8VVNVVVcVVVxVVVPVVlVVVRVVVtVVWV60jVLVVOVVUt:c/B5fn5cqj4D
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy