neshta | ffa4cb846b0f2ee92ca5773fef68e77b7ed00edbb6ff62732d963e13ed38bf89 | Triage

Submit
Reports

Overview

overview

Static

static

ffa4cb846b...9N.exe

windows7-x64

ffa4cb846b...9N.exe

windows10-2004-x64

Sharing

General

Target

ffa4cb846b0f2ee92ca5773fef68e77b7ed00edbb6ff62732d963e13ed38bf89N.exe
Size

363KB
Sample

250212-q4t5jstqhw
MD5

7b02d471d211417a8e268895a0d737a0
SHA1

5473cba694acb1b516c84858ecf61023f25301e9
SHA256

ffa4cb846b0f2ee92ca5773fef68e77b7ed00edbb6ff62732d963e13ed38bf89
SHA512

1b3f7ecd8b622a48eb6f295cd9421e08409353ef7354d915baa5537070edda6988693ec620a49550998d6c799103de2d866b08e7bb9f8301465857fc10fb0317
SSDEEP

6144:k9jeFHDi+DZUdHDgKhXogpcq7oV/7U0ZWwnJZvjib:8eFHDHCDXogcq7oiSZnPk

Score

10^/10

neshta discovery persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ffa4cb846b0f2ee92ca5773fef68e77b7ed00edbb6ff62732d963e13ed38bf89N.exe

Resource

win7-20241010-en

neshta discovery persistence spyware stealer

windows7-x64

13 signatures

120 seconds

Behavioral task

behavioral2

Sample

ffa4cb846b0f2ee92ca5773fef68e77b7ed00edbb6ff62732d963e13ed38bf89N.exe

Resource

win10v2004-20250211-en

neshta discovery persistence spyware stealer

windows10-2004-x64

15 signatures

120 seconds

Malware Config

Targets

- Target
  
  ffa4cb846b0f2ee92ca5773fef68e77b7ed00edbb6ff62732d963e13ed38bf89N.exe
- Size
  
  363KB
- MD5
  
  7b02d471d211417a8e268895a0d737a0
- SHA1
  
  5473cba694acb1b516c84858ecf61023f25301e9
- SHA256
  
  ffa4cb846b0f2ee92ca5773fef68e77b7ed00edbb6ff62732d963e13ed38bf89
- SHA512
  
  1b3f7ecd8b622a48eb6f295cd9421e08409353ef7354d915baa5537070edda6988693ec620a49550998d6c799103de2d866b08e7bb9f8301465857fc10fb0317
- SSDEEP
  
  6144:k9jeFHDi+DZUdHDgKhXogpcq7oV/7U0ZWwnJZvjib:8eFHDHCDXogcq7oiSZnPk
Score

10^/10

neshta discovery persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Neshta family
  neshta
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtadiscoverypersistencespywarestealer

behavioral2

neshtadiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy