neshta | 6d7782ae320887e3e04ae93c0285d079243992e9e35fd824f69f078e9432b9a9 | Triage

Submit
Reports

Overview

overview

Static

static

6d7782ae32...9N.exe

windows7-x64

6d7782ae32...9N.exe

windows10-2004-x64

Sharing

General

Target

6d7782ae320887e3e04ae93c0285d079243992e9e35fd824f69f078e9432b9a9N.exe
Size

3.6MB
Sample

250116-th64rsyngq
MD5

8efbab57c56415590fbfc8940e1a1310
SHA1

4444de9dea28bf06a1d7b6459660d8375954ecc6
SHA256

6d7782ae320887e3e04ae93c0285d079243992e9e35fd824f69f078e9432b9a9
SHA512

be03bc60dc5b1804687a9c6b14617ad0765c5d06b8f357a4266c53c532ef291ca1a2a6d9cdbb56c9496610faafcb805b08db8a9f2e66cf95599a733478296b67
SSDEEP

98304:/KjfONIlt2Z1dASGD0DJLVz8Dq3dd84NDdzhwEooHMQBU0:/KLGhjea7JNDXDsY

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

6d7782ae320887e3e04ae93c0285d079243992e9e35fd824f69f078e9432b9a9N.exe

Resource

win7-20240903-en

neshta discovery persistence spyware stealer

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

6d7782ae320887e3e04ae93c0285d079243992e9e35fd824f69f078e9432b9a9N.exe

Resource

win10v2004-20241007-en

neshta discovery persistence spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  6d7782ae320887e3e04ae93c0285d079243992e9e35fd824f69f078e9432b9a9N.exe
- Size
  
  3.6MB
- MD5
  
  8efbab57c56415590fbfc8940e1a1310
- SHA1
  
  4444de9dea28bf06a1d7b6459660d8375954ecc6
- SHA256
  
  6d7782ae320887e3e04ae93c0285d079243992e9e35fd824f69f078e9432b9a9
- SHA512
  
  be03bc60dc5b1804687a9c6b14617ad0765c5d06b8f357a4266c53c532ef291ca1a2a6d9cdbb56c9496610faafcb805b08db8a9f2e66cf95599a733478296b67
- SSDEEP
  
  98304:/KjfONIlt2Z1dASGD0DJLVz8Dq3dd84NDdzhwEooHMQBU0:/KLGhjea7JNDXDsY
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy