neshta | cdc3a2b1345386fc5ed516d137dcea25e45f4abd5377b65ae95c78d88d0a4ecc | Triage

Submit
Reports

Overview

overview

Static

static

cdc3a2b134...cc.exe

windows7-x64

cdc3a2b134...cc.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

cdc3a2b1345386fc5ed516d137dcea25e45f4abd5377b65ae95c78d88d0a4ecc
Size

420KB
Sample

221205-q14vksef35
MD5

e6eaf0f8314fddfdae5766f880ed9746
SHA1

4b4292a279c4fd5ab92fb1d055c40322e698ed00
SHA256

cdc3a2b1345386fc5ed516d137dcea25e45f4abd5377b65ae95c78d88d0a4ecc
SHA512

e854c1ee89bccd3c9d1416da8da9e1271ed21601931b8e89f1f9f346706e9d0f815445d641a8ed3378507a481d5b385f441789214be19a09abd14f03d76db85a
SSDEEP

6144:k9w4EG9cuBhGCc/eTckcoSLL1EoLdt4ZG95Gt3L238ttIwZcrCBpdG/pVHMhZf:1kE/GBcLL1EmnHGV2IZlk/Huf

Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cdc3a2b1345386fc5ed516d137dcea25e45f4abd5377b65ae95c78d88d0a4ecc.exe

Resource

win7-20221111-en

neshta ramnit banker persistence spyware stealer trojan upx worm

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

cdc3a2b1345386fc5ed516d137dcea25e45f4abd5377b65ae95c78d88d0a4ecc.exe

Resource

win10v2004-20221111-en

neshta ramnit banker persistence spyware stealer trojan upx worm

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  cdc3a2b1345386fc5ed516d137dcea25e45f4abd5377b65ae95c78d88d0a4ecc
- Size
  
  420KB
- MD5
  
  e6eaf0f8314fddfdae5766f880ed9746
- SHA1
  
  4b4292a279c4fd5ab92fb1d055c40322e698ed00
- SHA256
  
  cdc3a2b1345386fc5ed516d137dcea25e45f4abd5377b65ae95c78d88d0a4ecc
- SHA512
  
  e854c1ee89bccd3c9d1416da8da9e1271ed21601931b8e89f1f9f346706e9d0f815445d641a8ed3378507a481d5b385f441789214be19a09abd14f03d76db85a
- SSDEEP
  
  6144:k9w4EG9cuBhGCc/eTckcoSLL1EoLdt4ZG95Gt3L238ttIwZcrCBpdG/pVHMhZf:1kE/GBcLL1EmnHGV2IZlk/Huf
Score

10^/10

neshta ramnit banker persistence spyware stealer trojan upx worm
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Ramnit
  Ramnit is a versatile family that holds viruses, worms, and Trojans.
  trojan spyware stealer worm banker ramnit
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neshtaramnitbankerpersistencespywarestealertrojanupxworm

behavioral2

neshtaramnitbankerpersistencespywarestealertrojanupxworm

© 2018-2025

Terms | Privacy