neshta | a23e2caeb2453e3b385efb8691d8d7b813956d558b00a725617ba53698941e77 | Triage

Submit
Reports

Overview

overview

Static

static

vaultFile1...81.exe

windows7-x64

vaultFile1...81.exe

windows10-2004-x64

Sharing

General

Target

ap-file-vaultFile17014791945718416581.vol-1917625634.zip
Size

53KB
Sample

250112-2k1zjavqbq
MD5

1e6c969d9b49f6cdb8273cbced20cad5
SHA1

c54ae1ffc5ee2ed5e1211dc9f52c20786c34ca04
SHA256

a23e2caeb2453e3b385efb8691d8d7b813956d558b00a725617ba53698941e77
SHA512

677f48ae411373a5326387bbbec1122ac9282cc0f217d1abc517cdf70aa6c35211821ac1236e59e468e994b08db5db6d0717a6ac580d70176b4347d0e65e722a
SSDEEP

1536:GdBW27oTRRN2TaQwlEmCvKnn968NqWnJ1DK37mSmSJip:4iTPofwPCgk8Npn7DKrmp

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

vaultFile17014791945718416581.exe

Resource

win7-20240903-en

neshta discovery persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

vaultFile17014791945718416581.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  vaultFile17014791945718416581.vol
- Size
  
  129KB
- MD5
  
  af5814f78ef77f83f9ead1caf5ada012
- SHA1
  
  b9fe65dd240558a1d39b21a0d5f3b48345263eb4
- SHA256
  
  354622421a1966755dd59eff4145c8a7f1b6ed9cba2ca87f186e85f4e272b89f
- SHA512
  
  287afdb13169a5807d7248ca0db117c7364beb5e8daaa98abdcb81ff12c59a7c9e04dad52dfd695b2cac303894de958f1363200c505e0491a564eba3dcd16f65
- SSDEEP
  
  1536:JxqjQ+P04wsmJCsPKxG7QeLuk/3hIFmNjEX/QSjv+T:sr85CsSxG7hukqCAX/QSjve
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy