neshta | 494b3740ca0548a0b43364ee22bfa9ef92d6c4cb0c22477de9c9e6b86c31aae1 | Triage

Submit
Reports

Overview

overview

Static

static

sipqzcebfx.bin.exe

windows7_x64

Sharing

General

Target

sipqzcebfx.bin
Size

204KB
Sample

211215-jek21shhej
MD5

9bf78c91a3a3d33270b75569c29cacbb
SHA1

8b37208e5fe7f75b335224e822da2c90ea30d52a
SHA256

494b3740ca0548a0b43364ee22bfa9ef92d6c4cb0c22477de9c9e6b86c31aae1
SHA512

a69e83cbb7ecd6436f55131b460832a665dc85da7400021325fd33bd80199a4e6c7e064871b9b499d2d7e4c23f7955bd92f1e0b3390b4cfd9e38b8c61a39a5ef

Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

sipqzcebfx.bin.exe

Resource

win7-en-20211208

neshta ramnit banker persistence spyware stealer trojan upx worm

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  sipqzcebfx.bin
- Size
  
  204KB
- MD5
  
  9bf78c91a3a3d33270b75569c29cacbb
- SHA1
  
  8b37208e5fe7f75b335224e822da2c90ea30d52a
- SHA256
  
  494b3740ca0548a0b43364ee22bfa9ef92d6c4cb0c22477de9c9e6b86c31aae1
- SHA512
  
  a69e83cbb7ecd6436f55131b460832a665dc85da7400021325fd33bd80199a4e6c7e064871b9b499d2d7e4c23f7955bd92f1e0b3390b4cfd9e38b8c61a39a5ef
Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtaramnitbankerpersistencespywarestealertrojanupxworm

© 2018-2024

Terms | Privacy