neshta | b29bcccc633fcf1054ddc99b88b4be5c0263c2b2a61eaec9ee5e676612ae4bdc | Triage

Submit
Reports

Overview

overview

Static

static

b29bcccc63...dc.dll

windows7-x64

b29bcccc63...dc.dll

windows10-2004-x64

Sharing

General

Target

b29bcccc633fcf1054ddc99b88b4be5c0263c2b2a61eaec9ee5e676612ae4bdc
Size

184KB
Sample

221202-g52fksed5x
MD5

eded7b23c48aff4af017c06eefc11660
SHA1

e04bf50b0202d941e02b9e826790a34334e0b593
SHA256

b29bcccc633fcf1054ddc99b88b4be5c0263c2b2a61eaec9ee5e676612ae4bdc
SHA512

7a4a6ce0c3d5c39bc4a8a42c3f402a659d4cd43e9923f579d1d51d1e994d9cb4a51258fdd12d5b9c7e237edde872ec76bcf7792443b3c40d3cd9b23fbc84d985
SSDEEP

3072:idSdGlrc/9vNWkFOvJygOOMPCy5oFfIAvsTe7g1C+f8SWnYX:idSQJc/jWko2L/vOyC+f8SNX

Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

b29bcccc633fcf1054ddc99b88b4be5c0263c2b2a61eaec9ee5e676612ae4bdc.dll

Resource

win7-20221111-en

neshta ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b29bcccc633fcf1054ddc99b88b4be5c0263c2b2a61eaec9ee5e676612ae4bdc.dll

Resource

win10v2004-20221111-en

neshta persistence spyware upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  b29bcccc633fcf1054ddc99b88b4be5c0263c2b2a61eaec9ee5e676612ae4bdc
- Size
  
  184KB
- MD5
  
  eded7b23c48aff4af017c06eefc11660
- SHA1
  
  e04bf50b0202d941e02b9e826790a34334e0b593
- SHA256
  
  b29bcccc633fcf1054ddc99b88b4be5c0263c2b2a61eaec9ee5e676612ae4bdc
- SHA512
  
  7a4a6ce0c3d5c39bc4a8a42c3f402a659d4cd43e9923f579d1d51d1e994d9cb4a51258fdd12d5b9c7e237edde872ec76bcf7792443b3c40d3cd9b23fbc84d985
- SSDEEP
  
  3072:idSdGlrc/9vNWkFOvJygOOMPCy5oFfIAvsTe7g1C+f8SWnYX:idSQJc/jWko2L/vOyC+f8SNX
Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

neshtaramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

neshtapersistencespywareupx

© 2018-2024

Terms | Privacy