neshta | 3bb926efde156f81eefd898f8b09070101501a89e21da5ac1e6fb0a0d122d4dd | Triage

Sharing

General

Target

3bb926efde156f81eefd898f8b09070101501a89e21da5ac1e6fb0a0d122d4dd.exe
Size

275KB
Sample

241226-k7tqasskcm
MD5

c9891b3e96da458538aaf4302168b201
SHA1

fc691aa6fc450a54a6f18491e9c642c1a747ca3c
SHA256

3bb926efde156f81eefd898f8b09070101501a89e21da5ac1e6fb0a0d122d4dd
SHA512

9cb5e35f87d53daa5bb8ea0af4a91a1f0a00a6b76ed1dbb77822fcd504e0ac525f272a94eaced8b99ea6d98a08187f2880f086858407ef34b4f38800ac3bbc10
SSDEEP

3072:zr8WDrCHxjH+vzpgJJ+lmftSlcGWCD6OQ3ajFSkvHFdl:PuRMzQE/D6OQ3w3l

Score

10^/10

neshta discovery persistence spyware stealer

Malware Config

Targets

- Target
  
  3bb926efde156f81eefd898f8b09070101501a89e21da5ac1e6fb0a0d122d4dd.exe
- Size
  
  275KB
- MD5
  
  c9891b3e96da458538aaf4302168b201
- SHA1
  
  fc691aa6fc450a54a6f18491e9c642c1a747ca3c
- SHA256
  
  3bb926efde156f81eefd898f8b09070101501a89e21da5ac1e6fb0a0d122d4dd
- SHA512
  
  9cb5e35f87d53daa5bb8ea0af4a91a1f0a00a6b76ed1dbb77822fcd504e0ac525f272a94eaced8b99ea6d98a08187f2880f086858407ef34b4f38800ac3bbc10
- SSDEEP
  
  3072:zr8WDrCHxjH+vzpgJJ+lmftSlcGWCD6OQ3ajFSkvHFdl:PuRMzQE/D6OQ3w3l
Score

10^/10

neshta discovery persistence spyware stealer
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer