Wednesday, December 6, 2023
CyberMaterial

Neshta (File Infector) – Malware


Name: Neshta
Additional Names: Win32:Crypt-SKC [Trj] (Avast), Win32.Neshta.A (BitDefender), Virus.Win32.Neshta.a (Kaspersky)
Type of Malware: File Infector
Location – Country of Origin: Europe
Date of initial activity: 2010
Associated Groups: BlackEnergy, Sandworm, Sofacy
Motivation: Neshta uses infected files to collect various system information relating to the operating system, hardware, and installed software. Collected data is then sent to a remote server and criminals can easily use it to generate revenue in malicious ways, thereby causing a variety of privacy issues.
Attack Vectors: Email, Downloads, USB drives, Network shares, Malvertising
Targeted System: Windows

Overview

Neshta is a file infector and information stealer that targets executable files, network shares, and removable storage devices. Once the system is infected, it collects system information and exfiltrates data via its C2. Neshta spreads by phishing emails, removable media, and other malware.

Targets

Neshta is mainly used to attack companies that specialize in finance, consumer goods, and energy. It is also used to attack the manufacturing industry.

Tools/Techniques Used

Cyber criminals distribute this malware through other malware or infected files that people download from dubious download sources. Examples of malicious programs designed to spread other software of this type include Tortoiseshell, Torpig, and Nymeria. Typically, people are unaware that their computers are infected with these programs.

Impact / Significant Attacks

In 2007, Neshta malware was used to launch a cyberattack against Estonia. The attack targeted Estonian government websites, banks, and media organizations. The attack caused widespread disruption and damage, and it is believed to have been carried out by Russia.

In 2015, Neshta malware was used to launch a cyberattack against Ukraine. The attack targeted Ukrainian government websites, banks, and media organizations. The attack caused widespread disruption and damage, and it is believed to have been carried out by Russia.

In 2017, Neshta malware was used to spread the WannaCry ransomware. WannaCry is a type of malware that encrypts a victim’s files and demands a ransom payment in order to decrypt them. The WannaCry attack infected over 200,000 computers in over 150 countries.

Indicators of Compromise (IoCs)

SHA256 Hashes

