neshta | d3184c77bc0ee6840bd0a454e006e023fec0b45e1d6033f8cf438d6290679fbb | Triage

Submit
Reports

Overview

overview

Static

static

d3184c77bc...bb.exe

windows7-x64

d3184c77bc...bb.exe

windows10-2004-x64

Sharing

General

Target

d3184c77bc0ee6840bd0a454e006e023fec0b45e1d6033f8cf438d6290679fbb.exe
Size

219KB
Sample

250101-sfbdmsyrcy
MD5

b59a715e6f4287a22d6ccfb95511f3fb
SHA1

a34ffff10c4486824741fc5e9132efd599d8806e
SHA256

d3184c77bc0ee6840bd0a454e006e023fec0b45e1d6033f8cf438d6290679fbb
SHA512

1fcf8a18271c32d2dd1a5cba0fe4882d3d98aed02fa85a03c945e58c215660ffc7fe07c1fa4780d20dcd9623033f6167c0a947c704014e4d9054b4d36b28bb04
SSDEEP

3072:sr85Cyah7um/B4R7SYL3ajOAUjpqzyKWtgftLCTHX3qzyrr85C3:k9jum/BWX3ajORqzFW6fZCL3qzi93

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d3184c77bc0ee6840bd0a454e006e023fec0b45e1d6033f8cf438d6290679fbb.exe

Resource

win7-20241010-en

neshta discovery persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

d3184c77bc0ee6840bd0a454e006e023fec0b45e1d6033f8cf438d6290679fbb.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  d3184c77bc0ee6840bd0a454e006e023fec0b45e1d6033f8cf438d6290679fbb.exe
- Size
  
  219KB
- MD5
  
  b59a715e6f4287a22d6ccfb95511f3fb
- SHA1
  
  a34ffff10c4486824741fc5e9132efd599d8806e
- SHA256
  
  d3184c77bc0ee6840bd0a454e006e023fec0b45e1d6033f8cf438d6290679fbb
- SHA512
  
  1fcf8a18271c32d2dd1a5cba0fe4882d3d98aed02fa85a03c945e58c215660ffc7fe07c1fa4780d20dcd9623033f6167c0a947c704014e4d9054b4d36b28bb04
- SSDEEP
  
  3072:sr85Cyah7um/B4R7SYL3ajOAUjpqzyKWtgftLCTHX3qzyrr85C3:k9jum/BWX3ajORqzFW6fZCL3qzi93
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy